PT-2021-22510 · Netmodule · Nb3720+14

Gerhard Hechenberger

+1

·

Published

2021-08-23

·

Updated

2023-11-02

·

CVE-2021-39291

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions NetModule NB800 versions prior to 4.3.0.113 NetModule NB1600 versions prior to 4.4.0.111 NetModule NB1601 versions prior to 4.4.0.111 NetModule NB1800 versions prior to 4.4.0.111 NetModule NB1810 versions prior to 4.4.0.111 NetModule NB2700 versions prior to 4.5.0.105 NetModule NB2710 versions prior to 4.5.0.105 NetModule NB2800 versions prior to 4.5.0.105 NetModule NB2810 versions prior to 4.5.0.105 NetModule NB3700 versions prior to 4.5.0.105 NetModule NB3701 versions prior to 4.5.0.105 NetModule NB3710 versions prior to 4.5.0.105 NetModule NB3711 versions prior to 4.5.0.105 NetModule NB3720 versions prior to 4.5.0.105 NetModule NB3800 versions prior to 4.5.0.105
Description Certain NetModule devices allow credentials via GET parameters to CLI-PHP. The affected models include NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
Recommendations For NetModule NB800 version prior to 4.3.0.113, update to version 4.3.0.113 or later. For NetModule NB1600 version prior to 4.4.0.111, update to version 4.4.0.111 or later. For NetModule NB1601 version prior to 4.4.0.111, update to version 4.4.0.111 or later. For NetModule NB1800 version prior to 4.4.0.111, update to version 4.4.0.111 or later. For NetModule NB1810 version prior to 4.4.0.111, update to version 4.4.0.111 or later. For NetModule NB2700 version prior to 4.5.0.105, update to version 4.5.0.105 or later. For NetModule NB2710 version prior to 4.5.0.105, update to version 4.5.0.105 or later. For NetModule NB2800 version prior to 4.5.0.105, update to version 4.5.0.105 or later. For NetModule NB2810 version prior to 4.5.0.105, update to version 4.5.0.105 or later. For NetModule NB3700 version prior to 4.5.0.105, update to version 4.5.0.105 or later. For NetModule NB3701 version prior to 4.5.0.105, update to version 4.5.0.105 or later. For NetModule NB3710 version prior to 4.5.0.105, update to version 4.5.0.105 or later. For NetModule NB3711 version prior to 4.5.0.105, update to version 4.5.0.105 or later. For NetModule NB3720 version prior to 4.5.0.105, update to version 4.5.0.105 or later. For NetModule NB3800 version prior to 4.5.0.105, update to version 4.5.0.105 or later.

Exploit

Fix

Insertion into Log File

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2021-39291

Affected Products

Nb1600
Nb1601
Nb1800
Nb1810
Nb2700
Nb2710
Nb2800
Nb2810
Nb3700
Nb3701
Nb3710
Nb3711
Nb3720
Nb3800
Nb800