Add TWCERT/CC CVE-2021-37911

2025-06-12 02:05:39 +00:00 · 2021-08-30 22:31:39 +08:00 · 2021-08-30 22:31:39 +08:00 · 4417ae66bc
commit 4417ae66bc
parent f3374b4d8e
1 changed files with 88 additions and 6 deletions
--- a/2021/37xxx/CVE-2021-37911.json
+++ b/2021/37xxx/CVE-2021-37911.json
@ -1,18 +1,100 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "AKA": "TWCERT/CC",
+        "ASSIGNER": "cve@cert.org.tw",
+        "DATE_PUBLIC": "2021-08-30T14:21:00.000Z",
        "ID": "CVE-2021-37911",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "EH600 OTA",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "platform": "AOSP 6.0",
+                                            "version_affected": "<=",
+                                            "version_value": "v01.00.30.00"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "BenQ"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "BenQ"
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The management interface of BenQ smart wireless conference projector does not properly control user's privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the local subnetwork."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "ADJACENT_NETWORK",
+            "availabilityImpact": "HIGH",
+            "baseScore": 8.8,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-269 Improper Privilege Management"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://www.twcert.org.tw/tw/cp-132-5047-7ef35-1.html"
+            }
+        ]
+    },
+    "solution": [
+        {
+            "lang": "eng",
+            "value": "Update EH600 OTA to v01.00.30.00 (AOSP 6.0)"
+        }
+    ],
+    "source": {
+        "advisory": "TVN-202108008",
+        "discovery": "EXTERNAL"
    }
 }