nvd-json-data-feeds/CVE-2021/CVE-2021-292xx/CVE-2021-29255.json

{
  "id": "CVE-2021-29255",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-03-26T18:15:12.453",
  "lastModified": "2021-04-02T12:13:29.227",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials."
    },
    {
      "lang": "es",
      "value": "Los dispositivos MicroSeven MYM71080i-B versiones 2.0.5 hasta 2.0.20, env\u00edan credenciales de administrador en texto sin cifrar al puerto TCP 7007 de pnp.microseven.com. Un atacante en la misma red que el dispositivo puede capturar estas credenciales."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector": "ADJACENT_NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.9
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 5.5,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microseven:mym71080i-b_firmware:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "2.0.5",
              "versionEndIncluding": "2.0.20",
              "matchCriteriaId": "DBA08ED4-6ED2-4AD6-AB5B-F7991E28969A"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:microseven:mym71080i-b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D5283C-9C5A-4921-B27B-491470406C21"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://blog.microseven.com",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://cybergladius.com/cve-2021-29255-vulnerability-disclosure/",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}