← Back

CVE-2021-39291

nvd nist
Published: Aug 23, 2021Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.

Affected (3)

Netmodule
1 product
Netmodule Router Software
Configuration A
3 vulnerable · 15 platform
Vulnerable SoftwareAffected Versions
Netmodule
Netmodule Router Software
Before 4.3.0.113
Netmodule Router Software
From 4.4.0.0 to 4.4.0.111
Netmodule Router Software
From 4.5.0.0 to 4.5.0.105
Running on/withPlatform Versions
Netmodule
Nb1600
All versions
Netmodule
Nb1601
All versions
Netmodule
Nb1800
All versions
Netmodule
Nb1810
All versions
Netmodule
Nb2700
All versions
Netmodule
Nb2710
All versions
Netmodule
Nb2800
All versions
Netmodule
Nb2810
All versions
Netmodule
Nb3700
All versions
Netmodule
Nb3701
All versions
Netmodule
Nb3710
All versions
Netmodule
Nb3711
All versions
Netmodule
Nb3720
All versions
Netmodule
Nb3800
All versions
Netmodule
Nb800
All versions

Related CWEs

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.