{ "id": "CVE-2021-39291", "sourceIdentifier": "cve@mitre.org", "published": "2021-08-23T05:15:08.473", "lastModified": "2022-07-12T17:42:04.277", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800." }, { "lang": "es", "value": "Determinados dispositivos NetModule permiten obtener credenciales por medio de par\u00e1metros GET a CLI-PHP. Estos modelos con versiones de firmware anteriores a 4.3.0.113, 4.4.0.111 y 4.5.0.105 est\u00e1n afectados: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720 y NB3800." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.5 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-532" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb800_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "859A2D0C-3E71-4ADC-B428-16F06C690C19" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb800_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "1BE1B5B4-DA33-477A-B2A0-3EB9C9FC3D70" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb800_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "E0BB4A22-5C1E-483B-B4B5-EBB825F69ADB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb800:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B550124-772B-4384-BA89-72B68E01F61E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1600_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "235EA0E4-4159-4B33-981A-142F18F19693" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1600_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "E8BF4EC9-F81D-43B6-9B82-ED684B324558" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1600_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "1AFD122C-BA89-4492-BA60-FB2469362AFB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D275CDC-0FE9-40C6-8CD4-3C836458C6C6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1601_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "32518B3C-AC1D-4C84-B93D-FECD87119CE0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1601_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "92C9EA32-7245-4D9A-95AC-BEA84F831FBE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1601_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "475A665D-717A-4D8A-B898-67727ADFA3C0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb1601:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C90BC32-C405-4178-B944-9CF39C212C46" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1800_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "DD46C88F-7504-4EF3-82A2-2B7E2C6295CF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1800_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "2FC37DB1-5BBA-4B66-B6EB-F9807AEBC28B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1800_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "4B584B1A-E437-4D30-9129-EEB26EA6E6D0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "A80AE348-C415-4B5F-B359-26E2F2A132F7" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1810_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "24406D4C-86C1-40C8-9176-965C34D98A27" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1810_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "237C5CD4-B380-4200-AA3C-CEBE56769D95" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb1810_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "F043174E-E5A2-4D8B-ABC2-6B58BA1928DD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb1810:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3CF8E81-2EB5-4CDC-9FC9-CEAF4E1E7514" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2700_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "6288934F-DAF6-4703-BA16-641C9C9F7816" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2700_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "B903A687-C06B-46B1-B5C9-5022D0379B9A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2700_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "22E922A0-F965-4EFF-85A6-A48957A62CA2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7751755B-A1A8-4538-94D1-A49FC40565A5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2710_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "AFBC5B08-D2CC-4885-AA81-C893475663B7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2710_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "2C816B51-1B3F-406F-9D06-F2B269CEED72" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2710_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "F065BA00-4BEA-40DC-8E6F-F0D3DBB6135E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb2710:-:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE5094-EA46-4389-880F-32E892BC703D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2800_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "565E3C8B-3A1C-4088-8E67-ABAFF6F23CE0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2800_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "22B3B384-DD00-44FF-89A4-6955DBED6BEE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2800_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "B96EDFE1-9F24-4B19-B1BA-4C616EE2DC40" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb2800:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFF579A1-A31C-47F3-912A-43F5B4894497" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2810_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "411ACA2B-FEA7-4EE3-ADF2-89A730EBAC63" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2810_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "2BA4A5D3-7732-48FD-954D-8E17A10E73C6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb2810_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "5267CB7C-FB43-430A-A72D-6FD818067AD4" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb2810:-:*:*:*:*:*:*:*", "matchCriteriaId": "41310FAF-CD23-4126-942D-DA950A96DF3E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3700_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "21CDAEB4-ED99-4B7E-BCDD-76EA6358827A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3700_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "7EA9B965-8579-4FC1-841C-C515DEE27B01" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3700_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "745D4419-62B5-46C3-8105-CEA15D9487EF" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "79C621EF-0650-418D-B39D-C07FE4728DB9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3701_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "2DBE522D-DCD5-49DC-A85B-924913567542" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3701_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "FA511394-9D61-450A-B83E-9646F0F0E14A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3701_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "61B03B05-4EEB-4C26-A9D5-973677509C44" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb3701:-:*:*:*:*:*:*:*", "matchCriteriaId": "962F7AFA-76A3-4F83-AA2C-AB168C644104" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3710_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "BEC22B39-711E-4CE9-95AB-43F72CCDA470" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3710_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "37B221AA-E1BF-4468-86F5-75FCEBAF16F6" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3710_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "02220156-F8E2-451E-A109-E7531F20318D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb3710:-:*:*:*:*:*:*:*", "matchCriteriaId": "78EBE526-E036-4FCC-B617-376ABC679111" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3711_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "FB50D57C-6597-4906-82BA-D3EA43CB1674" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3711_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "C8DD0B35-A9ED-40EE-99A7-D1E521715B15" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3711_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "2042F74C-EAB3-4E7B-9EA3-D9D259B49F97" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb3711:-:*:*:*:*:*:*:*", "matchCriteriaId": "923D8D38-E3DB-47C0-92C3-AD1A05EEAC83" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3720_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "DC6FD8BD-83E6-49F0-BAFD-204DC811FD3C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3720_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "E9E19441-52AA-45CE-BFDC-9AA5B77C93D1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3720_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "D9283534-F223-41A3-A05E-E57712EBDC17" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb3720:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2E345B5-CF76-4385-B4C3-B7F00DB0C52B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3800_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3.0.113", "matchCriteriaId": "AF973850-B710-4AE8-B843-9B98D615D09A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3800_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0.0", "versionEndExcluding": "4.4.0.111", "matchCriteriaId": "7015FD33-A077-4EF7-9FA6-5BFCD1AF6FD1" }, { "vulnerable": true, "criteria": "cpe:2.3:o:netmodule:nb3800_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0.0", "versionEndExcluding": "4.5.0.105", "matchCriteriaId": "9F7BA1B7-C9D3-4B1E-9639-E4F7C8580E11" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:netmodule:nb3800:-:*:*:*:*:*:*:*", "matchCriteriaId": "7120564A-4FE0-403E-A976-9658A665E51A" } ] } ] } ], "references": [ { "url": "https://seclists.org/fulldisclosure/2021/Aug/22", "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url": "https://www.netmodule.com", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] } ] }