Search

Find a vulnerability

Search criteria

    115 vulnerabilities found for R-SeeNet by Advantech

    VAR-202010-0875

    Vulnerability from variot - Updated: 2024-11-23 22:25

    The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. Advantech Provided by the company R-SeeNet Is an application for monitoring routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within device_position.php. When parsing the device_id parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms. There are SQL injection vulnerabilities in R-SeeNet Versions 1.5.1 to 2.4.10

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0875",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.10"
          },
          {
            "model": "r-seenet",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "1.5.1"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "advantech",
            "version": "versions 1.5.1 \u304b\u3089 2.4.10"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.7,
            "vendor": "advantech",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25157"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:advantech:r_seenet",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1262"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-25157",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2020-25157",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-179107",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-25157",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "JPCERT/CC score",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009105",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-25157",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-25157",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "JPCERT/CC",
                "id": "JVNDB-2020-009105",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2020-25157",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202010-697",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-179107",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-25157",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1262"
          },
          {
            "db": "VULHUB",
            "id": "VHN-179107"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-697"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25157"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. Advantech Provided by the company R-SeeNet Is an application for monitoring routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within device_position.php. When parsing the device_id parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms. There are SQL injection vulnerabilities in R-SeeNet Versions 1.5.1 to 2.4.10",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-25157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1262"
          },
          {
            "db": "VULHUB",
            "id": "VHN-179107"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25157"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-25157",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-289-02",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93185015",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009105",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-11373",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-20-1262",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-697",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.3585",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-98406",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-179107",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25157",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1262"
          },
          {
            "db": "VULHUB",
            "id": "VHN-179107"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-697"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25157"
          }
        ]
      },
      "id": "VAR-202010-0875",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-179107"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:25:20.851000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "R-SeeNet Information Disclosure Vulnerability",
            "trust": 0.8,
            "url": "https://ep.advantech-bb.cz/support/router-models/download/239/sa-2020-01-01-r-seenet-2-4-10-vulnerability-en.pdf"
          },
          {
            "title": "Advantech has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-289-02"
          },
          {
            "title": "Advantech R-SeeNet Versions SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131315"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-697"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-179107"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25157"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.9,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-289-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25157"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93185015/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25157"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.3585/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189887"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1262"
          },
          {
            "db": "VULHUB",
            "id": "VHN-179107"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-697"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25157"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-20-1262"
          },
          {
            "db": "VULHUB",
            "id": "VHN-179107"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-25157"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-697"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-25157"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1262"
          },
          {
            "date": "2020-10-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-179107"
          },
          {
            "date": "2020-10-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-25157"
          },
          {
            "date": "2020-10-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          },
          {
            "date": "2020-10-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202010-697"
          },
          {
            "date": "2020-10-20T22:15:43.060000",
            "db": "NVD",
            "id": "CVE-2020-25157"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-20-1262"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-179107"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-25157"
          },
          {
            "date": "2020-10-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          },
          {
            "date": "2020-10-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202010-697"
          },
          {
            "date": "2024-11-21T05:17:29.873000",
            "db": "NVD",
            "id": "CVE-2020-25157"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-697"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech Made  R-SeeNet To  SQL Injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009105"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-697"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1499

    Vulnerability from variot - Updated: 2024-08-14 13:42

    Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. Advantech Co., Ltd. R-SeeNet Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of POST requests sent to the out.php endpoint. When processing the filename and path elements, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Advantech R-SeeNet is an industrial monitoring software developed by China Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms. Advantech R-SeeNet

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1499",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.17"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "2.4.17  and earlier"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.7,
            "vendor": "advantech",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "advantech",
            "version": "\u003c=2.4.17"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1450"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019035"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3386"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1450"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-3386",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-16470",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-3386",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-3386",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-3386",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-3386",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-3386",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-3386",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-3386",
                "trust": 0.7,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-16470",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-2398",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1450"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2398"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3386"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3386"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "\nAdvantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. Advantech Co., Ltd. R-SeeNet Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of POST requests sent to the out.php endpoint. When processing the filename and path elements, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Advantech R-SeeNet is an industrial monitoring software developed by China Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms. Advantech R-SeeNet",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019035"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1450"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431001"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3386"
          }
        ],
        "trust": 2.97
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-3386",
            "trust": 4.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-291-01",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU97893771",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019035",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-17392",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1450",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16470",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2398",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-431001",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3386",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1450"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431001"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2398"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3386"
          }
        ]
      },
      "id": "VAR-202210-1499",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431001"
          }
        ],
        "trust": 0.06999999999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          }
        ]
      },
      "last_update_date": "2024-08-14T13:42:18.936000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Advantech has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01"
          },
          {
            "title": "Patch for Advantech R-SeeNet stack buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/413481"
          },
          {
            "title": "Advantech R-SeeNet Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212345"
          },
          {
            "title": null,
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2022/10/20/cisa_flaws_advantech_hitachi/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1450"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3386"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2398"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-431001"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019035"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3386"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3386"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97893771/"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-3386/"
          },
          {
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2022/10/20/cisa_flaws_advantech_hitachi/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1450"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431001"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2398"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3386"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1450"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431001"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2398"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3386"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-21T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1450"
          },
          {
            "date": "2023-03-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          },
          {
            "date": "2022-10-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431001"
          },
          {
            "date": "2023-10-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019035"
          },
          {
            "date": "2022-10-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2398"
          },
          {
            "date": "2022-10-27T21:15:13.273000",
            "db": "NVD",
            "id": "CVE-2022-3386"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-21T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1450"
          },
          {
            "date": "2023-03-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-16470"
          },
          {
            "date": "2022-10-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431001"
          },
          {
            "date": "2023-10-24T06:54:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019035"
          },
          {
            "date": "2022-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2398"
          },
          {
            "date": "2023-11-07T03:51:12.170000",
            "db": "NVD",
            "id": "CVE-2022-3386"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2398"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech Co., Ltd. \u00a0R-SeeNet\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019035"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2398"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1436

    Vulnerability from variot - Updated: 2024-08-14 13:42

    Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. Advantech Co., Ltd. R-SeeNet Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of POST requests sent to the show_code.php endpoint. When processing the filename element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Advantech R-SeeNet

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1436",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.17"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "2.4.17  and earlier"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.7,
            "vendor": "advantech",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1451"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019036"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3385"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1451"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-3385",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-3385",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-3385",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-3385",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-3385",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-3385",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-3385",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-3385",
                "trust": 0.7,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-2399",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1451"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2399"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3385"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3385"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "\nAdvantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. Advantech Co., Ltd. R-SeeNet Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of POST requests sent to the show_code.php endpoint. When processing the filename element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Advantech R-SeeNet",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019036"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1451"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431000"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3385"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-3385",
            "trust": 4.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-291-01",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU97893771",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019036",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-17409",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1451",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2399",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-431000",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3385",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1451"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431000"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2399"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3385"
          }
        ]
      },
      "id": "VAR-202210-1436",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-431000"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:42:18.900000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Advantech has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01"
          },
          {
            "title": "Advantech R-SeeNet Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212346"
          },
          {
            "title": null,
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2022/10/20/cisa_flaws_advantech_hitachi/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1451"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3385"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2399"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-431000"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019036"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3385"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97893771/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3385"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-3385/"
          },
          {
            "trust": 0.1,
            "url": "https://www.theregister.co.uk/2022/10/20/cisa_flaws_advantech_hitachi/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1451"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431000"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2399"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3385"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1451"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431000"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2399"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3385"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-21T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1451"
          },
          {
            "date": "2022-10-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431000"
          },
          {
            "date": "2023-10-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019036"
          },
          {
            "date": "2022-10-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2399"
          },
          {
            "date": "2022-10-27T21:15:13.060000",
            "db": "NVD",
            "id": "CVE-2022-3385"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-21T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1451"
          },
          {
            "date": "2022-10-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431000"
          },
          {
            "date": "2023-10-24T06:57:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019036"
          },
          {
            "date": "2022-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2399"
          },
          {
            "date": "2023-11-07T03:51:12.023000",
            "db": "NVD",
            "id": "CVE-2022-3385"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2399"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech Co., Ltd. \u00a0R-SeeNet\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019036"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2399"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1437

    Vulnerability from variot - Updated: 2024-08-14 13:42

    Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files. Advantech Co., Ltd. R-SeeNet Exists in a past traversal vulnerability.Information may be tampered with. This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the filename and path parameters provided to the out.php endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information and delete files in the context of SYSTEM. Advantech R-SeeNet is an industrial monitoring software developed by China Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms. Advantech R-SeeNet

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1437",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.19"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "2.4.19  and earlier"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.7,
            "vendor": "advantech",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "advantech",
            "version": "\u003c=2.4.19"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1449"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019033"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3387"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1449"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2022-3387",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-16469",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-3387",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-3387",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-3387",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-3387",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 0.7,
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-3387",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-3387",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-3387",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2022-3387",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-16469",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-2396",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1449"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019033"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2396"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3387"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3387"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "\nAdvantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files. Advantech Co., Ltd. R-SeeNet Exists in a past traversal vulnerability.Information may be tampered with. This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the filename and path parameters provided to the out.php endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information and delete files in the context of SYSTEM. Advantech R-SeeNet is an industrial monitoring software developed by China Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms. Advantech R-SeeNet",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-3387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019033"
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1449"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431002"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3387"
          }
        ],
        "trust": 2.97
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-3387",
            "trust": 4.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-291-01",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU97893771",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019033",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-17391",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-22-1449",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16469",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2396",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-431002",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3387",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1449"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431002"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019033"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2396"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3387"
          }
        ]
      },
      "id": "VAR-202210-1437",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431002"
          }
        ],
        "trust": 0.06999999999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          }
        ]
      },
      "last_update_date": "2024-08-14T13:42:18.862000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Advantech has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01"
          },
          {
            "title": "Patch for Advantech R-SeeNet Directory Traversal Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/413476"
          },
          {
            "title": "Advantech R-SeeNet Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212344"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1449"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2396"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.1
          },
          {
            "problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-431002"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019033"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3387"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3387"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97893771/"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-3387/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1449"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431002"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019033"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2396"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3387"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-22-1449"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          },
          {
            "db": "VULHUB",
            "id": "VHN-431002"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-3387"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019033"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2396"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-3387"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-21T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1449"
          },
          {
            "date": "2023-03-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          },
          {
            "date": "2022-10-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431002"
          },
          {
            "date": "2023-10-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019033"
          },
          {
            "date": "2022-10-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2396"
          },
          {
            "date": "2022-10-27T21:15:13.443000",
            "db": "NVD",
            "id": "CVE-2022-3387"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-21T00:00:00",
            "db": "ZDI",
            "id": "ZDI-22-1449"
          },
          {
            "date": "2023-03-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-16469"
          },
          {
            "date": "2022-10-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-431002"
          },
          {
            "date": "2023-10-24T06:16:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-019033"
          },
          {
            "date": "2022-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-2396"
          },
          {
            "date": "2023-11-07T03:51:12.303000",
            "db": "NVD",
            "id": "CVE-2022-3387"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2396"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech Co., Ltd. \u00a0R-SeeNet\u00a0 Past traversal vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-019033"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-2396"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202310-0391

    Vulnerability from variot - Updated: 2024-08-14 13:41

    Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. Advantech R-SeeNet is an industrial monitoring software from China's Advantech Company.

    Advantech R-SeeNet has an information disclosure vulnerability that allows an attacker to obtain login credentials and default SNMP community strings from the snmpmon.ini file and use this information to launch further attacks on the affected system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0391",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.23"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "advantech",
            "version": "v2.4.23"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5642"
          }
        ]
      },
      "cve": "CVE-2023-5642",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2024-07862",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-5642",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-5642",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "vulnreport@tenable.com",
                "id": "CVE-2023-5642",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-07862",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5642"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5642"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. Advantech R-SeeNet is an industrial monitoring software from China\u0027s Advantech Company. \n\r\n\r\nAdvantech R-SeeNet has an information disclosure vulnerability that allows an attacker to obtain login credentials and default SNMP community strings from the snmpmon.ini file and use this information to launch further attacks on the affected system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-5642"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5642"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-5642",
            "trust": 1.7
          },
          {
            "db": "TENABLE",
            "id": "TRA-2023-33",
            "trust": 1.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5642",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5642"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5642"
          }
        ]
      },
      "id": "VAR-202310-0391",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          }
        ]
      },
      "last_update_date": "2024-08-14T13:41:27.810000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Advantech R-SeeNet Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/525691"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-5642"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://tenable.com/security/research/tra-2023-33"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-5642"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5642"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5642"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-5642"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-5642"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          },
          {
            "date": "2023-10-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-5642"
          },
          {
            "date": "2023-10-18T16:15:08.943000",
            "db": "NVD",
            "id": "CVE-2023-5642"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-02-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          },
          {
            "date": "2023-10-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-5642"
          },
          {
            "date": "2023-10-25T01:24:38.107000",
            "db": "NVD",
            "id": "CVE-2023-5642"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech R-SeeNet Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-07862"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1756

    Vulnerability from variot - Updated: 2024-08-14 13:23

    An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. Advantech R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1756",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "2.4.15 (2021/07/30)"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21915"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1844"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21915",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21915",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380319",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21915",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21915",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21915",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21915",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21915",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21915",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1844",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380319",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21915",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1844"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21915"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21915"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable SQL injection vulnerability exist in the \u2018group_list\u2019 page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at \u2018company_filter\u2019 parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. Advantech R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21915"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21915",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1363",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 1.5
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016727",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1844",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380319",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21915",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1844"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21915"
          }
        ]
      },
      "id": "VAR-202111-1756",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380319"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.913000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170895"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1844"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380319"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21915"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1363"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21915"
          },
          {
            "trust": 0.9,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1844"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21915"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1844"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21915"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380319"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21915"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1844"
          },
          {
            "date": "2021-12-22T19:15:10.120000",
            "db": "NVD",
            "id": "CVE-2021-21915"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380319"
          },
          {
            "date": "2022-05-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21915"
          },
          {
            "date": "2022-12-21T05:47:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          },
          {
            "date": "2021-12-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1844"
          },
          {
            "date": "2022-05-13T15:49:12.760000",
            "db": "NVD",
            "id": "CVE-2021-21915"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1844"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech\u00a0R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016727"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1844"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1730

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1730",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21936"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1810"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21936",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21936",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380340",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21936",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21936",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21936",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21936",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21936",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21936",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1810",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380340",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21936",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1810"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21936"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21936"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at \u2018health_alt_filter\u2019 parameter. This can be done as any authenticated user or through cross-site request forgery. R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21936"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21936",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016668",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1810",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380340",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21936",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1810"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21936"
          }
        ]
      },
      "id": "VAR-202111-1730",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380340"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.882000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170862"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1810"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21936"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21936"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1810"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21936"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1810"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21936"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380340"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21936"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1810"
          },
          {
            "date": "2021-12-22T19:15:10.987000",
            "db": "NVD",
            "id": "CVE-2021-21936"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380340"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21936"
          },
          {
            "date": "2022-12-21T01:33:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          },
          {
            "date": "2021-12-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1810"
          },
          {
            "date": "2022-10-05T12:32:50.673000",
            "db": "NVD",
            "id": "CVE-2021-21936"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1810"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016668"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1810"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1751

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1751",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21918"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1861"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21918",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21918",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380322",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21918",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-21918",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21918",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21918",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21918",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21918",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21918",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1861",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380322",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21918",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380322"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21918"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1861"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21918"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21918"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at \u2018name_filter\u2019 parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21918"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380322"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21918"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21918",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1364",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016695",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1861",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380322",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21918",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380322"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21918"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1861"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21918"
          }
        ]
      },
      "id": "VAR-202111-1751",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380322"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.851000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170911"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1861"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380322"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21918"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1364"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21918"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380322"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21918"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1861"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21918"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380322"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21918"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1861"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21918"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380322"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21918"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1861"
          },
          {
            "date": "2021-12-22T19:15:10.240000",
            "db": "NVD",
            "id": "CVE-2021-21918"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380322"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21918"
          },
          {
            "date": "2022-12-21T03:03:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          },
          {
            "date": "2022-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1861"
          },
          {
            "date": "2022-07-23T10:03:00.767000",
            "db": "NVD",
            "id": "CVE-2021-21918"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1861"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016695"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1861"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1760

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1760",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21925"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1830"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21925",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21925",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380329",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21925",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21925",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21925",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21925",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21925",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21925",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21925",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1830",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380329",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21925",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380329"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1830"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21925"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21925"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at \u2018firm_filter\u2019 parameter",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380329"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21925"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21925",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016683",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1830",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380329",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21925",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380329"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1830"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21925"
          }
        ]
      },
      "id": "VAR-202111-1760",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380329"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.819000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170881"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1830"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21925"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21925"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380329"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1830"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21925"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380329"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1830"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21925"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380329"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21925"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1830"
          },
          {
            "date": "2021-12-22T19:15:10.520000",
            "db": "NVD",
            "id": "CVE-2021-21925"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380329"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21925"
          },
          {
            "date": "2022-12-21T02:38:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          },
          {
            "date": "2022-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1830"
          },
          {
            "date": "2022-07-22T13:22:54.837000",
            "db": "NVD",
            "id": "CVE-2021-21925"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1830"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016683"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1830"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1724

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1724",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21930"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1818"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21930",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21930",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380334",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21930",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21930",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21930",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21930",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21930",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21930",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21930",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1818",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380334",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21930",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380334"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21930"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1818"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21930"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21930"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at \u2018sn_filter\u2019 parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21930"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380334"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21930"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21930",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016675",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1818",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380334",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21930",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380334"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21930"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1818"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21930"
          }
        ]
      },
      "id": "VAR-202111-1724",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380334"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.786000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170870"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1818"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380334"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21930"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21930"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380334"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21930"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1818"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21930"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380334"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21930"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1818"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21930"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380334"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21930"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1818"
          },
          {
            "date": "2021-12-22T19:15:10.740000",
            "db": "NVD",
            "id": "CVE-2021-21930"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380334"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21930"
          },
          {
            "date": "2022-12-21T02:16:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          },
          {
            "date": "2022-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1818"
          },
          {
            "date": "2022-07-23T09:56:08.410000",
            "db": "NVD",
            "id": "CVE-2021-21930"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1818"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016675"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1818"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1727

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1727",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21933"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1813"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21933",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21933",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380337",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21933",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21933",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21933",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21933",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21933",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21933",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21933",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1813",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380337",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21933",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380337"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1813"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21933"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21933"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at \u2018esn_filter\u2019 parameter. This can be done as any authenticated user or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380337"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21933"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21933",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016672",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1813",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380337",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21933",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380337"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1813"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21933"
          }
        ]
      },
      "id": "VAR-202111-1727",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380337"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.752000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170865"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1813"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380337"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21933"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21933"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380337"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1813"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21933"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380337"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1813"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21933"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380337"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21933"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1813"
          },
          {
            "date": "2021-12-22T19:15:10.863000",
            "db": "NVD",
            "id": "CVE-2021-21933"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380337"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21933"
          },
          {
            "date": "2022-12-21T01:57:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          },
          {
            "date": "2022-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1813"
          },
          {
            "date": "2022-07-23T09:55:36.463000",
            "db": "NVD",
            "id": "CVE-2021-21933"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1813"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016672"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1813"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1728

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1728",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21934"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1812"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21934",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21934",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380338",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21934",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21934",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21934",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21934",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21934",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21934",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21934",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1812",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380338",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21934",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380338"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21934"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1812"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21934"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21934"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at \u2018imei_filter\u2019 parameter. This can be done as any authenticated user or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21934"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380338"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21934"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21934",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016670",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1812",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380338",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21934",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380338"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21934"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1812"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21934"
          }
        ]
      },
      "id": "VAR-202111-1728",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380338"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.720000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170864"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1812"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21934"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21934"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380338"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21934"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1812"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21934"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380338"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21934"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1812"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21934"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380338"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21934"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1812"
          },
          {
            "date": "2021-12-22T19:15:10.907000",
            "db": "NVD",
            "id": "CVE-2021-21934"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380338"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21934"
          },
          {
            "date": "2022-12-21T01:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          },
          {
            "date": "2022-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1812"
          },
          {
            "date": "2022-07-23T09:47:20.483000",
            "db": "NVD",
            "id": "CVE-2021-21934"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1812"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016670"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1812"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1762

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1762",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21928"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1823"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21928",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21928",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380332",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21928",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21928",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21928",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21928",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21928",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21928",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21928",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1823",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380332",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21928",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380332"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21928"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1823"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21928"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21928"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at \u2018mac_filter\u2019 parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21928"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380332"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21928"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21928",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016678",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1823",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380332",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21928",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380332"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21928"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1823"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21928"
          }
        ]
      },
      "id": "VAR-202111-1762",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380332"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.661000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170875"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1823"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380332"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21928"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21928"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380332"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21928"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1823"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21928"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380332"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21928"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1823"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21928"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380332"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21928"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1823"
          },
          {
            "date": "2021-12-22T19:15:10.663000",
            "db": "NVD",
            "id": "CVE-2021-21928"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380332"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21928"
          },
          {
            "date": "2022-12-21T02:24:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          },
          {
            "date": "2022-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1823"
          },
          {
            "date": "2022-07-23T09:56:31.490000",
            "db": "NVD",
            "id": "CVE-2021-21928"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1823"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016678"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1823"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1722

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1722",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21926"
          }
        ]
      },
      "cve": "CVE-2021-21926",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21926",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380330",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21926",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21926",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21926",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21926",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1974",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380330",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21926",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380330"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1974"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21926"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21926"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at \u2018health_filter\u2019 parameter",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21926"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380330"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21926"
          }
        ],
        "trust": 1.08
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21926",
            "trust": 1.8
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 1.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1974",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380330",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21926",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380330"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1974"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21926"
          }
        ]
      },
      "id": "VAR-202111-1722",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380330"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.633000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171054"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1974"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380330"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21926"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21926"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380330"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1974"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21926"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380330"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21926"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1974"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21926"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380330"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21926"
          },
          {
            "date": "2021-11-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1974"
          },
          {
            "date": "2021-12-22T19:15:10.563000",
            "db": "NVD",
            "id": "CVE-2021-21926"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380330"
          },
          {
            "date": "2021-12-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21926"
          },
          {
            "date": "2021-12-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1974"
          },
          {
            "date": "2022-07-22T13:20:29.863000",
            "db": "NVD",
            "id": "CVE-2021-21926"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1974"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech R-SeeNet SQL Injection vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1974"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1974"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1761

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1761",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21927"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1827"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21927",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21927",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380331",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21927",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21927",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21927",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21927",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21927",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21927",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21927",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1827",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380331",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21927",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380331"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21927"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1827"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21927"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21927"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at \u2018loc_filter\u2019 parameter",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21927"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380331"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21927"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21927",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016680",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1827",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380331",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21927",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380331"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21927"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1827"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21927"
          }
        ]
      },
      "id": "VAR-202111-1761",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380331"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.604000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170878"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1827"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380331"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21927"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21927"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380331"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21927"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1827"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21927"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380331"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21927"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1827"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21927"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380331"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21927"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1827"
          },
          {
            "date": "2021-12-22T19:15:10.620000",
            "db": "NVD",
            "id": "CVE-2021-21927"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380331"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21927"
          },
          {
            "date": "2022-12-21T02:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          },
          {
            "date": "2022-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1827"
          },
          {
            "date": "2022-07-22T13:22:05.277000",
            "db": "NVD",
            "id": "CVE-2021-21927"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1827"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016680"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1827"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1732

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1732",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21937"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1808"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21937",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380341",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21937",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21937",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21937",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21937",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21937",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21937",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1808",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380341",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21937",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380341"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1808"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21937"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at \u2018host_alt_filter\u2019 parameter. This can be done as any authenticated user or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380341"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21937"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21937",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016666",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1808",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380341",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21937",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380341"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1808"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21937"
          }
        ]
      },
      "id": "VAR-202111-1732",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380341"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.572000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170860"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1808"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21937"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380341"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1808"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380341"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1808"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380341"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21937"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1808"
          },
          {
            "date": "2021-12-22T19:15:11.030000",
            "db": "NVD",
            "id": "CVE-2021-21937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380341"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21937"
          },
          {
            "date": "2022-12-21T01:25:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          },
          {
            "date": "2022-06-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1808"
          },
          {
            "date": "2022-05-31T18:34:05.270000",
            "db": "NVD",
            "id": "CVE-2021-21937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1808"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016666"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1808"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1726

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1726",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21932"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1815"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21932",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21932",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380336",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21932",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21932",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21932",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21932",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21932",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21932",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21932",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1815",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380336",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21932",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380336"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21932"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1815"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21932"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21932"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at \u2018name_filter\u2019 parameter. This can be done as any authenticated user or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21932"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380336"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21932"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21932",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016674",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1815",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380336",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21932",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380336"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21932"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1815"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21932"
          }
        ]
      },
      "id": "VAR-202111-1726",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380336"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.539000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170867"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1815"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380336"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21932"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21932"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380336"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21932"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1815"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21932"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380336"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21932"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1815"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21932"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380336"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21932"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1815"
          },
          {
            "date": "2021-12-22T19:15:10.823000",
            "db": "NVD",
            "id": "CVE-2021-21932"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380336"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21932"
          },
          {
            "date": "2022-12-21T02:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          },
          {
            "date": "2022-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1815"
          },
          {
            "date": "2022-07-23T09:55:57.363000",
            "db": "NVD",
            "id": "CVE-2021-21932"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1815"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016674"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1815"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1729

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1729",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21935"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1811"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21935",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21935",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380339",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21935",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21935",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21935",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21935",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21935",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21935",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21935",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1811",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380339",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21935",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380339"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1811"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21935"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21935"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at \u2018host_alt_filter2\u2019 parameter. This can be done as any authenticated user or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380339"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21935"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21935",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016669",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1811",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380339",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21935",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380339"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1811"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21935"
          }
        ]
      },
      "id": "VAR-202111-1729",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380339"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.507000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170863"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1811"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380339"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21935"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21935"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380339"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1811"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21935"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380339"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1811"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21935"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380339"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21935"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1811"
          },
          {
            "date": "2021-12-22T19:15:10.947000",
            "db": "NVD",
            "id": "CVE-2021-21935"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380339"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21935"
          },
          {
            "date": "2022-12-21T01:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          },
          {
            "date": "2022-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1811"
          },
          {
            "date": "2022-07-23T09:47:07.053000",
            "db": "NVD",
            "id": "CVE-2021-21935"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1811"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016669"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1811"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1735

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1735",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21923"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1805"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21923",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21923",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380327",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21923",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-21923",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21923",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21923",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21923",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21923",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21923",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1805",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380327",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21923",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380327"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1805"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21923"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21923"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at \u2018company_filter\u2019 parameter with the administrative account or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380327"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21923"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21923",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1365",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016686",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1805",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380327",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21923",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380327"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1805"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21923"
          }
        ]
      },
      "id": "VAR-202111-1735",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380327"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.477000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170857"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1805"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380327"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21923"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1365"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21923"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380327"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1805"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21923"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380327"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1805"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21923"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380327"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21923"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1805"
          },
          {
            "date": "2021-12-22T19:15:10.443000",
            "db": "NVD",
            "id": "CVE-2021-21923"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380327"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21923"
          },
          {
            "date": "2022-12-21T02:45:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          },
          {
            "date": "2022-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1805"
          },
          {
            "date": "2022-07-22T13:25:07.343000",
            "db": "NVD",
            "id": "CVE-2021-21923"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1805"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016686"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1805"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1759

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1759",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21924"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1835"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21924",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21924",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380328",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21924",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21924",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21924",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21924",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21924",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21924",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21924",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1835",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380328",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21924",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380328"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1835"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21924"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21924"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at \u2018desc_filter\u2019 parameter",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380328"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21924"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21924",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016684",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1835",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380328",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21924",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380328"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1835"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21924"
          }
        ]
      },
      "id": "VAR-202111-1759",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380328"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.417000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170886"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1835"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380328"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21924"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21924"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380328"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1835"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21924"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380328"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21924"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1835"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21924"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380328"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21924"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1835"
          },
          {
            "date": "2021-12-22T19:15:10.480000",
            "db": "NVD",
            "id": "CVE-2021-21924"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380328"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21924"
          },
          {
            "date": "2022-12-21T02:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          },
          {
            "date": "2022-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1835"
          },
          {
            "date": "2022-07-22T13:23:01.187000",
            "db": "NVD",
            "id": "CVE-2021-21924"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1835"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016684"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1835"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1734

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1734",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21922"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1806"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21922",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21922",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380326",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21922",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21922",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21922",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21922",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21922",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21922",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21922",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1806",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380326",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21922",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380326"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1806"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21922"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21922"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at \u2018username_filter\u2019 parameter with the administrative account or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380326"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21922"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21922",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1365",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016688",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1806",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380326",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21922",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380326"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1806"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21922"
          }
        ]
      },
      "id": "VAR-202111-1734",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380326"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.385000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170858"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1806"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380326"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21922"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1365"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21922"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380326"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1806"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21922"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380326"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21922"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1806"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21922"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380326"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21922"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1806"
          },
          {
            "date": "2021-12-22T19:15:10.403000",
            "db": "NVD",
            "id": "CVE-2021-21922"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380326"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21922"
          },
          {
            "date": "2022-12-21T02:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          },
          {
            "date": "2022-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1806"
          },
          {
            "date": "2022-07-22T13:25:16.360000",
            "db": "NVD",
            "id": "CVE-2021-21922"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1806"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016688"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1806"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1733

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1733",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21921"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1807"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21921",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21921",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380325",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21921",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-21921",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21921",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21921",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21921",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21921",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21921",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1807",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380325",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21921",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380325"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21921"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1807"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21921"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21921"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at \u2018name_filter\u2019 parameter with the administrative account or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21921"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380325"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21921"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21921",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1365",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016689",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1807",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380325",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21921",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380325"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21921"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1807"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21921"
          }
        ]
      },
      "id": "VAR-202111-1733",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380325"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.352000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170859"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1807"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380325"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21921"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1365"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21921"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380325"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21921"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1807"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21921"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380325"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21921"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1807"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21921"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380325"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21921"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1807"
          },
          {
            "date": "2021-12-22T19:15:10.360000",
            "db": "NVD",
            "id": "CVE-2021-21921"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380325"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21921"
          },
          {
            "date": "2022-12-21T02:52:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          },
          {
            "date": "2022-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1807"
          },
          {
            "date": "2022-07-22T13:27:19.660000",
            "db": "NVD",
            "id": "CVE-2021-21921"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1807"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016689"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1807"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1757

    Vulnerability from variot - Updated: 2024-08-14 13:23

    An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. Advantech R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1757",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "2.4.15 (2021/07/30)"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21916"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1843"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21916",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21916",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380320",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-21916",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21916",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21916",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21916",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21916",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21916",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21916",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1843",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380320",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21916",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380320"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1843"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21916"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21916"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable SQL injection vulnerability exist in the \u2018group_list\u2019 page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at \u0027description_filter\u2019 parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. Advantech R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380320"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21916"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21916",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1363",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016726",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1843",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380320",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21916",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380320"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1843"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21916"
          }
        ]
      },
      "id": "VAR-202111-1757",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380320"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:08.313000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176759"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1843"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380320"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21916"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1363"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21916"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380320"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1843"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21916"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380320"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21916"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1843"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21916"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380320"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21916"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1843"
          },
          {
            "date": "2021-12-22T19:15:10.160000",
            "db": "NVD",
            "id": "CVE-2021-21916"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380320"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21916"
          },
          {
            "date": "2022-12-21T05:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          },
          {
            "date": "2022-05-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1843"
          },
          {
            "date": "2022-05-13T15:49:20.167000",
            "db": "NVD",
            "id": "CVE-2021-21916"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1843"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech\u00a0R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016726"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1843"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1725

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1725",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21931"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1816"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21931",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21931",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380335",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21931",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21931",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21931",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21931",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21931",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21931",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21931",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1816",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380335",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21931",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380335"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21931"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1816"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21931"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21931"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at\u2018 stat_filter\u2019 parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21931"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380335"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21931"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21931",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016725",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1816",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380335",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21931",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380335"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21931"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1816"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21931"
          }
        ]
      },
      "id": "VAR-202111-1725",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380335"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:04.932000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170868"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1816"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380335"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21931"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21931"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380335"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21931"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1816"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21931"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380335"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21931"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1816"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21931"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380335"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21931"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1816"
          },
          {
            "date": "2021-12-22T19:15:10.783000",
            "db": "NVD",
            "id": "CVE-2021-21931"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380335"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21931"
          },
          {
            "date": "2022-12-21T05:35:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          },
          {
            "date": "2022-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1816"
          },
          {
            "date": "2022-07-23T10:03:12.147000",
            "db": "NVD",
            "id": "CVE-2021-21931"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1816"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016725"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1816"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1758

    Vulnerability from variot - Updated: 2024-08-14 13:23

    An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. Advantech R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1758",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "2.4.15 (2021/07/30)"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21917"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1839"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21917",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21917",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380321",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21917",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21917",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21917",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21917",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21917",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21917",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1839",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380321",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21917",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380321"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1839"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21917"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21917"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable SQL injection vulnerability exist in the \u2018group_list\u2019 page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at \u0027\u2018ord\u2019 parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. Advantech R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380321"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21917"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21917",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1363",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016696",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1839",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380321",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21917",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380321"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1839"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21917"
          }
        ]
      },
      "id": "VAR-202111-1758",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380321"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:04.900000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176980"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1839"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21917"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1363"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21917"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380321"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1839"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21917"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380321"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21917"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1839"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21917"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380321"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21917"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1839"
          },
          {
            "date": "2021-12-22T19:15:10.200000",
            "db": "NVD",
            "id": "CVE-2021-21917"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-05-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380321"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21917"
          },
          {
            "date": "2022-12-21T03:08:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          },
          {
            "date": "2022-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1839"
          },
          {
            "date": "2022-05-13T15:51:20.690000",
            "db": "NVD",
            "id": "CVE-2021-21917"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1839"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech\u00a0R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016696"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1839"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1723

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1723",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21929"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1820"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21929",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21929",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380333",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21929",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21929",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21929",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21929",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21929",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21929",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21929",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1820",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380333",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21929",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380333"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21929"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1820"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21929"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21929"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at \u2018prod_filter\u2019 parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21929"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380333"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21929"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21929",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1366",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016676",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1820",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380333",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21929",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380333"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21929"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1820"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21929"
          }
        ]
      },
      "id": "VAR-202111-1723",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380333"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:04.868000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170872"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1820"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380333"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21929"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1366"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21929"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380333"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21929"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1820"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21929"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380333"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21929"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1820"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21929"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380333"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21929"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1820"
          },
          {
            "date": "2021-12-22T19:15:10.703000",
            "db": "NVD",
            "id": "CVE-2021-21929"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380333"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21929"
          },
          {
            "date": "2022-12-21T02:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          },
          {
            "date": "2022-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1820"
          },
          {
            "date": "2022-07-23T09:46:59.437000",
            "db": "NVD",
            "id": "CVE-2021-21929"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1820"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016676"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1820"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1731

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1731",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21920"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1809"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21920",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21920",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380324",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21920",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-21920",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21920",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21920",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21920",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21920",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21920",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1809",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380324",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21920",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380324"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1809"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21920"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21920"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at \u2018surname_filter\u2019 parameter with the administrative account or through cross-site request forgery",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380324"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21920"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21920",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1365",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016691",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1809",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380324",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21920",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380324"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1809"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21920"
          }
        ]
      },
      "id": "VAR-202111-1731",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380324"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:04.836000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170861"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1809"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21920"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1365"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21920"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380324"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1809"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21920"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380324"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1809"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21920"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380324"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21920"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1809"
          },
          {
            "date": "2021-12-22T19:15:10.320000",
            "db": "NVD",
            "id": "CVE-2021-21920"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380324"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21920"
          },
          {
            "date": "2022-12-21T02:56:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          },
          {
            "date": "2022-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1809"
          },
          {
            "date": "2022-07-22T13:25:48.997000",
            "db": "NVD",
            "id": "CVE-2021-21920"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1809"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016691"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1809"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202111-1752

    Vulnerability from variot - Updated: 2024-08-14 13:23

    A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1752",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.15"
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21919"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Discovered by Yuri Kramarz of Cisco Talos.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1857"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21919",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21919",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-380323",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21919",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2021-21919",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2021-21919",
                "impactScore": 4.0,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21919",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21919",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21919",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21919",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-1857",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380323",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21919",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380323"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1857"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21919"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21919"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord\u2019 parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380323"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21919"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21919",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1364",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93378426",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-21-348-01",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016693",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2021112314",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2021.4245",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1857",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380323",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21919",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380323"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1857"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21919"
          }
        ]
      },
      "id": "VAR-202111-1752",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380323"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:23:04.804000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/en"
          },
          {
            "title": "Advantech R-SeeNet SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170908"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1857"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.1
          },
          {
            "problemtype": "SQL injection (CWE-89) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380323"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21919"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1364"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21919"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu93378426/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-348-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021112314"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2021.4245"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/89.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380323"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1857"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21919"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380323"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1857"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21919"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380323"
          },
          {
            "date": "2021-12-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21919"
          },
          {
            "date": "2022-12-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          },
          {
            "date": "2021-11-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1857"
          },
          {
            "date": "2021-12-22T19:15:10.283000",
            "db": "NVD",
            "id": "CVE-2021-21919"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380323"
          },
          {
            "date": "2021-12-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21919"
          },
          {
            "date": "2022-12-21T02:59:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          },
          {
            "date": "2022-07-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-1857"
          },
          {
            "date": "2022-07-22T13:25:57.917000",
            "db": "NVD",
            "id": "CVE-2021-21919"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1857"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "R-SeeNet\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-016693"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-1857"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202107-0558

    Vulnerability from variot - Updated: 2024-08-14 13:05

    Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. Advantech R-SeeNet Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech R-SeeNet is an industrial monitoring software developed by China Taiwan Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0558",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.12"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "2.4.12 (20.10.2020)"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21799"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Member of Cisco Talos team",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1120"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21799",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-21799",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-380203",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21799",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21799",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-21799",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21799",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21799",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21799",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-1120",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380203",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21799",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380203"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21799"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21799"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user\u2019s browser. An attacker can provide a crafted URL to trigger this vulnerability. Advantech R-SeeNet Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech R-SeeNet is an industrial monitoring software developed by China Taiwan Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380203"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21799"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21799",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1270",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009702",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1120",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021071609",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380203",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21799",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380203"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21799"
          }
        ]
      },
      "id": "VAR-202107-0558",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380203"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:05:32.949000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "R-SeeNet",
            "trust": 0.8,
            "url": "https://icr.advantech.cz/products/software/r-seenet"
          },
          {
            "title": "Advantech R-SeeNet Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157822"
          },
          {
            "title": "Kenzer Templates [5170] [DEPRECATED]",
            "trust": 0.1,
            "url": "https://github.com/ARPSyndicate/kenzer-templates "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1120"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380203"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21799"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1270"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21799"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021071609"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380203"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21799"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380203"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21799"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21799"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380203"
          },
          {
            "date": "2021-07-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21799"
          },
          {
            "date": "2022-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-1120"
          },
          {
            "date": "2021-07-16T11:15:09.613000",
            "db": "NVD",
            "id": "CVE-2021-21799"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380203"
          },
          {
            "date": "2022-09-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21799"
          },
          {
            "date": "2022-05-17T08:46:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-08-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-1120"
          },
          {
            "date": "2022-09-30T03:08:21.667000",
            "db": "NVD",
            "id": "CVE-2021-21799"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1120"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech\u00a0R-SeeNet\u00a0 Cross-site Scripting Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009702"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202107-0562

    Vulnerability from variot - Updated: 2024-08-14 13:04

    This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech R-SeeNet is an industrial monitoring software developed by China Taiwan Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0562",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "advantech",
            "version": "2.4.12"
          },
          {
            "model": "r-seenet",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "r-seenet",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21803"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Member of Cisco Talos team",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1100"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21803",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-21803",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-380207",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21803",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21803",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2021-21803",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21803",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2021-21803",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21803",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202107-1100",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-380207",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21803",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21803"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21803"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21803"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech R-SeeNet is an industrial monitoring software developed by China Taiwan Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21803"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULHUB",
            "id": "VHN-380207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21803"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21803",
            "trust": 3.4
          },
          {
            "db": "TALOS",
            "id": "TALOS-2021-1272",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009585",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1100",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2021071609",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-380207",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21803",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21803"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21803"
          }
        ]
      },
      "id": "VAR-202107-0562",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380207"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T13:04:02.838000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.advantech.com/"
          },
          {
            "title": "Advantech R-SeeNet Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157181"
          },
          {
            "title": "Kenzer Templates [5170] [DEPRECATED]",
            "trust": 0.1,
            "url": "https://github.com/ARPSyndicate/kenzer-templates "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21803"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1100"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21803"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2021-1272"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21803"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021071609"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-380207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21803"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21803"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-380207"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21803"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21803"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380207"
          },
          {
            "date": "2021-07-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21803"
          },
          {
            "date": "2022-05-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          },
          {
            "date": "2021-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-1100"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-07-16T11:15:09.833000",
            "db": "NVD",
            "id": "CVE-2021-21803"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-09-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-380207"
          },
          {
            "date": "2022-09-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21803"
          },
          {
            "date": "2022-05-11T04:55:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          },
          {
            "date": "2021-07-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202107-1100"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2022-09-30T02:51:01.540000",
            "db": "NVD",
            "id": "CVE-2021-21803"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1100"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Advantech\u00a0R-SeeNet\u00a0 Cross-site scripting vulnerabilities in web applications",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-009585"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202107-1100"
          }
        ],
        "trust": 0.6
      }
    }