CVE-2021-20843 — MEDIUM (5.4)

Q: How severe is CVE-2021-20843?

CVE-2021-20843 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-20843?

Check the references section above for vendor advisories and patch information. Affected products include: Yamaha Rtx830 Firmware, Yamaha Rtx830, Yamaha Nvr510 Firmware, Yamaha Nvr510, Yamaha Nvr700W Firmware.

Vulnerability Description

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Yamaha	Rtx830 Firmware	<= 15.02.17
Yamaha	Rtx830	-
Yamaha	Nvr510 Firmware	<= 15.01.18
Yamaha	Nvr510	-
Yamaha	Nvr700W Firmware	<= 15.00.19
Yamaha	Nvr700W	-
Yamaha	Rtx1210 Firmware	<= 14.01.38
Yamaha	Rtx1210	-
Ntt-West	Biz Box Rtx830 Firmware	<= 15.02.17
Ntt-West	Biz Box Rtx830	-
Ntt-West	Biz Box Nvr510 Firmware	< 15.01.18
Ntt-West	Biz Box Nvr510	-
Ntt-West	Biz Box Nvr700W Firmware	<= 15.00.19
Ntt-West	Biz Box Nvr700W	-
Ntt-West	Biz Box Rtx1210 Firmware	<= 14.01.38
Ntt-West	Biz Box Rtx1210	-

Related Weaknesses (CWE)

CWE-829

References

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.htmlMitigationVendor Advisory
https://business.ntt-east.co.jp/topics/2021/11_09.htmlMitigationVendor Advisory
https://jvn.jp/en/vu/JVNVU91161784/index.htmlMitigationThird Party Advisory
https://www.ntt-west.co.jp/smb/kiki_info/info/211109.htmlMitigationVendor Advisory
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.htmlMitigationVendor Advisory
https://business.ntt-east.co.jp/topics/2021/11_09.htmlMitigationVendor Advisory
https://jvn.jp/en/vu/JVNVU91161784/index.htmlMitigationThird Party Advisory
https://www.ntt-west.co.jp/smb/kiki_info/info/211109.htmlMitigationVendor Advisory

FAQ

What is CVE-2021-20843?

CVE-2021-20843 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier all...

How severe is CVE-2021-20843?

CVE-2021-20843 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20843?

Check the references section above for vendor advisories and patch information. Affected products include: Yamaha Rtx830 Firmware, Yamaha Rtx830, Yamaha Nvr510 Firmware, Yamaha Nvr510, Yamaha Nvr700W Firmware.