CVE-2021-39243
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0.
Affected (15)
Products: Altus: Nexto Nx3003 Firmware, Nexto Nx3004 Firmware, Nexto Nx3005 Firmware, Nexto Nx3010 Firmware, Nexto Nx3020 Firmware, Nexto Nx3030 Firmware, Nexto Nx5100 Firmware, Nexto Nx5101 Firmware, Nexto Nx5110 Firmware, Nexto Nx5210 Firmware, Nexto Xpress Xp300 Firmware, Nexto Xpress Xp315 Firmware, Nexto Xpress Xp325 Firmware, Nexto Xpress Xp340 Firmware, Hadron Xtorm Hx3040 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.11.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Nx3003 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.11.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Nx3004 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.11.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Nx3005 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.3.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Nx3010 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.3.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Nx3020 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.3.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Nx3030 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.11.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Nx5100 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.11.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Nx5101 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.2.8 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Nx5110 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.1.2.8 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Nx5210 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.11.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Xpress Xp300 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.11.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Xpress Xp315 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.11.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Xpress Xp325 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.8.11.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Nexto Xpress Xp340 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.7.58.0 |
| Running on/with | Platform Versions |
|---|---|
Altus Hadron Xtorm Hx3040 | All versions |
References (4)
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Timeline
No history available yet.