nvd-json-data-feeds/CVE-2021/CVE-2021-42xx/CVE-2021-4242.json

{
  "id": "CVE-2021-4242",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2022-11-30T14:15:10.670",
  "lastModified": "2022-12-02T18:29:25.467",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      },
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    },
    {
      "source": "cna@vuldb.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-707"
        },
        {
          "lang": "en",
          "value": "CWE-74"
        },
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:sapido:br270n_firmware:2.1.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7ED0E2-05DF-4179-949A-034D2AD405C6"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:sapido:br270n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D099517-CB63-4BDB-8DD6-53D154768DAD"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:sapido:brc76n_firmware:2.1.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9120396E-B3D3-4EA9-9A98-40EF7B8E6DE3"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:sapido:brc76n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "03A48719-9186-49F2-91BC-CF93C8822A13"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:sapido:gr297n_firmware:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8607F07-EA08-44C7-A786-3094623F6B57"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:sapido:gr297n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6841D138-6697-45AF-B2B3-B948E9D1C1BE"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:sapido:rb-1732_firmware:2.0.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B14C13-1E25-4206-9B2F-E474868E5B44"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:sapido:rb-1732:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A618943-41CC-4E01-A207-8E83C039A2EE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://blog.csdn.net/qq_44159028/article/details/114590267",
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/smallpiggy/Sapido--rce/blob/main/Sapido%E8%B7%AF%E7%94%B1%E5%99%A8-rce.py",
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://vuldb.com/?id.214592",
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}