← Back

CVE-2021-39290

nvd nist
Published: Aug 23, 2021Modified: Jun 17, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.

Affected (3)

Netmodule
1 product
Netmodule Router Software
Configuration A
3 vulnerable · 15 platform
Vulnerable SoftwareAffected Versions
Netmodule
Netmodule Router Software
Before 4.3.0.113
Netmodule Router Software
From 4.4.0.0 to 4.4.0.111
Netmodule Router Software
From 4.5.0.0 to 4.5.0.105
Running on/withPlatform Versions
Netmodule
Nb1600
All versions
Netmodule
Nb1601
All versions
Netmodule
Nb1800
All versions
Netmodule
Nb1810
All versions
Netmodule
Nb2700
All versions
Netmodule
Nb2710
All versions
Netmodule
Nb2800
All versions
Netmodule
Nb2810
All versions
Netmodule
Nb3700
All versions
Netmodule
Nb3701
All versions
Netmodule
Nb3710
All versions
Netmodule
Nb3711
All versions
Netmodule
Nb3720
All versions
Netmodule
Nb3800
All versions
Netmodule
Nb800
All versions

Related CWEs

CWE-384
Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (4)

Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.