Vulnerability Description
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contec | Sv-Cpt-Mc310 Firmware | < 6.5 |
| Contec | Sv-Cpt-Mc310 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN37417423/index.htmlThird Party Advisory
- https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/Vendor Advisory
- https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2Vendor Advisory
- https://jvn.jp/en/jp/JVN37417423/index.htmlThird Party Advisory
- https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/Vendor Advisory
- https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2Vendor Advisory
FAQ
What is CVE-2021-20659?
CVE-2021-20659 is a vulnerability with a CVSS score of 8.8 (HIGH). SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.
How severe is CVE-2021-20659?
CVE-2021-20659 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20659?
Check the references section above for vendor advisories and patch information. Affected products include: Contec Sv-Cpt-Mc310 Firmware, Contec Sv-Cpt-Mc310.