← Back

CVE-2021-40857

nvd nist
Published: Dec 13, 2021Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.

Affected (10)

Auerswald
10 products
Compact 5500r Ip Firmware
Compact 5200r Ip Firmware
Compact 5000r Ip Firmware
Compact 4000 Ip Firmware
Commander 6000r Ip Firmware
Commander 6000rx Ip Firmware
Commander Business(19") Ip Firmware
Commander Basic.2(19") Ip Firmware
Compact 5010 Voip Ip Firmware
Compact 5020 Voip Ip Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 5500r Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 5500r Ip
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 5200r Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 5200r Ip
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 5000r Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 5000r Ip
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 4000 Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 4000r Ip
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Commander 6000r Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Commander 6000r Ip
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Commander 6000rx Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Commander 6000rx Ip
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Commander Business(19") Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Commander Business(19") Ip
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Commander Basic.2(19") Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Commander Basic.2(19") Ip
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 5010 Voip Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 5010 Voip Ip
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 5020 Voip Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 5020 Voip Ip
All versions

Related CWEs

CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.