Search
Find a vulnerability
Search criteria
2 vulnerabilities found for reason_rpv311_firmware by ge
CVE-2021-31477 (GCVE-0-2021-31477)
Vulnerability from nvd – Published: 2021-06-16 22:15 – Updated: 2024-08-03 23:03
VLAI
EPSS
VEX
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852.
Severity
6.3 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.gegridsolutions.com/products/support/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GE | Reason RPV311 |
Affected:
14A03
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:32.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-616/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20Security%20Notice.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reason RPV311",
"vendor": "GE",
"versions": [
{
"status": "affected",
"version": "14A03"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:33:46.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-616/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20Security%20Notice.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reason RPV311",
"version": {
"version_data": [
{
"version_value": "14A03"
}
]
}
}
]
},
"vendor_name": "GE"
}
]
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-616/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-616/"
},
{
"name": "https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20Security%20Notice.pdf",
"refsource": "MISC",
"url": "https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20Security%20Notice.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-31477",
"datePublished": "2021-06-16T22:15:21.000Z",
"dateReserved": "2021-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:03:32.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31477 (GCVE-0-2021-31477)
Vulnerability from cvelistv5 – Published: 2021-06-16 22:15 – Updated: 2024-08-03 23:03
VLAI
EPSS
VEX
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852.
Severity
6.3 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.gegridsolutions.com/products/support/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GE | Reason RPV311 |
Affected:
14A03
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:32.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-616/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20Security%20Notice.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reason RPV311",
"vendor": "GE",
"versions": [
{
"status": "affected",
"version": "14A03"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:33:46.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-616/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20Security%20Notice.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reason RPV311",
"version": {
"version_data": [
{
"version_value": "14A03"
}
]
}
}
]
},
"vendor_name": "GE"
}
]
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-616/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-616/"
},
{
"name": "https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20Security%20Notice.pdf",
"refsource": "MISC",
"url": "https://www.gegridsolutions.com/products/support/GES-2021-005%20-%20RPV311%20Security%20Notice.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-31477",
"datePublished": "2021-06-16T22:15:21.000Z",
"dateReserved": "2021-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:03:32.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}