HIGH · 8.1

CVE-2021-43442

Vulnerability Description

A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78). The cameras do not allow the creation of more than one administrator account; however, this restriction can be bypassed by parameter manipulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of the created account and setting its userType to 'admin', successfully adding a second administrative account.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor           Product        Versions
I3International  Ax46 Firmware  5.2.0
I3International  Ax46           -
I3International  Ax68 Firmware  5.0.9
I3International  Ax68           -
I3International  Ax78 Firmware  5.0.9
I3International  Ax78           -

References

FAQ

What is CVE-2021-43442?

CVE-2021-43442 is a vulnerability with a CVSS score of 8.1 (HIGH). A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation ...

How severe is CVE-2021-43442?

CVE-2021-43442 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2021-43442?

Check the references section above for vendor advisories and patch information. Affected products include: I3International Ax46 Firmware, I3International Ax46, I3International Ax68 Firmware, I3International Ax68, I3International Ax78 Firmware.