CVE-2021-20844 — MEDIUM (5.7)

Q: How severe is CVE-2021-20844?

CVE-2021-20844 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-20844?

Check the references section above for vendor advisories and patch information. Affected products include: Yamaha Rtx830 Firmware, Yamaha Rtx830, Yamaha Nvr510 Firmware, Yamaha Nvr510, Yamaha Nvr700W Firmware.

Vulnerability Description

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Yamaha	Rtx830 Firmware	<= 15.02.17
Yamaha	Rtx830	-
Yamaha	Nvr510 Firmware	<= 15.01.18
Yamaha	Nvr510	-
Yamaha	Nvr700W Firmware	<= 15.00.19
Yamaha	Nvr700W	-
Yamaha	Rtx1210 Firmware	<= 14.01.38
Yamaha	Rtx1210	-
Ntt-West	Biz Box Rtx830 Firmware	<= 15.02.17
Ntt-West	Biz Box Rtx830	-
Ntt-West	Biz Box Nvr510 Firmware	< 15.01.18
Ntt-West	Biz Box Nvr510	-
Ntt-West	Biz Box Nvr700W Firmware	<= 15.00.19
Ntt-West	Biz Box Nvr700W	-
Ntt-West	Biz Box Rtx1210 Firmware	<= 14.01.38
Ntt-West	Biz Box Rtx1210	-

Related Weaknesses (CWE)

CWE-116

References

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.htmlMitigationVendor Advisory
https://business.ntt-east.co.jp/topics/2021/11_09.htmlMitigationVendor Advisory
https://jvn.jp/en/vu/JVNVU91161784/index.htmlMitigationThird Party Advisory
https://www.ntt-west.co.jp/smb/kiki_info/info/211109.htmlMitigationVendor Advisory
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.htmlMitigationVendor Advisory
https://business.ntt-east.co.jp/topics/2021/11_09.htmlMitigationVendor Advisory
https://jvn.jp/en/vu/JVNVU91161784/index.htmlMitigationThird Party Advisory
https://www.ntt-west.co.jp/smb/kiki_info/info/211109.htmlMitigationVendor Advisory

FAQ

What is CVE-2021-20844?

CVE-2021-20844 is a vulnerability with a CVSS score of 5.7 (MEDIUM). Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier,...

How severe is CVE-2021-20844?

CVE-2021-20844 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20844?

Check the references section above for vendor advisories and patch information. Affected products include: Yamaha Rtx830 Firmware, Yamaha Rtx830, Yamaha Nvr510 Firmware, Yamaha Nvr510, Yamaha Nvr700W Firmware.