CVE-2021-44564 — HIGH (8.1)

Q: How severe is CVE-2021-44564?

CVE-2021-44564 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-44564?

Check the references section above for vendor advisories and patch information. Affected products include: Kalkitech Sync241-M1 Firmware, Kalkitech Sync241-M1, Kalkitech Sync241-M2 Firmware, Kalkitech Sync241-M2, Kalkitech Sync241-M4 Firmware.

Vulnerability Description

A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products).

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Kalkitech	Sync241-M1 Firmware	<= 4.15.3
Kalkitech	Sync241-M1	-
Kalkitech	Sync241-M2 Firmware	<= 4.15.3
Kalkitech	Sync241-M2	-
Kalkitech	Sync241-M4 Firmware	<= 4.15.3
Kalkitech	Sync241-M4	-
Kalkitech	Sync261-M1 Firmware	<= 4.15.3
Kalkitech	Sync261-M1	-
Kalkitech	Sync2000-M1 Firmware	<= 4.15.3
Kalkitech	Sync2000-M1	-
Kalkitech	Sync2000-M2 Firmware	<= 4.15.3
Kalkitech	Sync2000-M2	-
Kalkitech	Sync2000-M4 Firmware	<= 4.15.3
Kalkitech	Sync2000-M4	-
Kalkitech	Sync2101-M1 Firmware	<= 4.15.3
Kalkitech	Sync2101-M1	-
Kalkitech	Sync2101-M2 Firmware	<= 4.15.3
Kalkitech	Sync2101-M2	-
Kalkitech	Sync2101-M6 Firmware	<= 4.15.3
Kalkitech	Sync2101-M6	-

References

https://kalkitech.com/wp-content/uploads/CYB_33631_Advisory.pdfVendor Advisory
https://www.kalkitech.com/cybersecurity/Vendor Advisory
https://kalkitech.com/wp-content/uploads/CYB_33631_Advisory.pdfVendor Advisory
https://www.kalkitech.com/cybersecurity/Vendor Advisory

FAQ

What is CVE-2021-44564?

CVE-2021-44564 is a vulnerability with a CVSS score of 8.1 (HIGH). A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device ...

How severe is CVE-2021-44564?

CVE-2021-44564 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-44564?

Check the references section above for vendor advisories and patch information. Affected products include: Kalkitech Sync241-M1 Firmware, Kalkitech Sync241-M1, Kalkitech Sync241-M2 Firmware, Kalkitech Sync241-M2, Kalkitech Sync241-M4 Firmware.