← Back

CVE-2021-40858

nvd nist
Published: Dec 13, 2021Modified: Nov 21, 2024

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 / Impact: 3.6
Source: NVD

Description

Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.

Affected (10)

Auerswald
10 products
Compact 5500r Ip Firmware
Compact 5200r Ip Firmware
Compact 5000r Ip Firmware
Compact 4000 Ip Firmware
Commander 6000r Ip Firmware
Commander 6000rx Ip Firmware
Commander Business(19") Ip Firmware
Commander Basic.2(19") Ip Firmware
Compact 5010 Voip Ip Firmware
Compact 5020 Voip Ip Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 5500r Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 5500r Ip
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 5200r Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 5200r Ip
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 5000r Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 5000r Ip
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 4000 Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 4000r Ip
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Commander 6000r Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Commander 6000r Ip
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Commander 6000rx Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Commander 6000rx Ip
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Commander Business(19") Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Commander Business(19") Ip
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Commander Basic.2(19") Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Commander Basic.2(19") Ip
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 5010 Voip Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 5010 Voip Ip
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Compact 5020 Voip Ip Firmware
Up to 8.0b
Running on/withPlatform Versions
Auerswald
Compact 5020 Voip Ip
All versions

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (6)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.