Vulnerability-Lookup

CVE-2021-25848 (GCVE-0-2021-25848)

Vulnerability from cvelistv5 – Published: 2021-05-10 10:42 – Updated: 2024-08-03 20:11

Summary

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GSD-2021-25848

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-25848

Aliases

CVE-2021-25848

JSON

To clipboard Create KEV Entry

{
  "GSD": {
    "alias": "CVE-2021-25848",
    "description": "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.",
    "id": "GSD-2021-25848"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-25848"
      ],
      "details": "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.",
      "id": "GSD-2021-25848",
      "modified": "2023-12-13T01:23:21.520270Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-25848",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.moxa.com/en/",
            "refsource": "MISC",
            "url": "https://www.moxa.com/en/"
          },
          {
            "name": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
            "refsource": "MISC",
            "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v26m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v26m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v36m-t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v36m-t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v36m-ct_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v36m-ct:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v36m-ct-t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v36m-ct-t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v42m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v42m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v42m-t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v42m-t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v42m-ct_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v42m-ct:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v42m-ct-t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v42m-ct-t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v60m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v60m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v60m-t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v60m-t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v60m-ct_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v60m-ct:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v60m-ct-t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v60m-ct-t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v80m_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v80m:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v80m-t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v80m-t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v80m-ct_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v80m-ct:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:vport_06ec-2v80m-ct-t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:vport_06ec-2v80m-ct-t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-25848"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.moxa.com/en/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.moxa.com/en/"
            },
            {
              "name": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 7.8,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2021-05-18T19:57Z",
      "publishedDate": "2021-05-10T11:15Z"
    }
  }
}

VAR-202105-0810

Vulnerability from variot - Updated: 2025-01-30 20:07

Moxa Camera VPort 06EC-2V has security vulnerabilities. The attacker can control the loop counter variable through the elaborate lldp data packet to obtain the leaked information

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202105-0810",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "vport 06ec-2v42m",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v80m-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v36m-ct-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v42m-ct-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v36m-ct",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v60m-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v26m",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v36m-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v60m-ct",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v60m",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v80m-ct-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v60m-ct-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v80m-ct",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v42m-ct",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v42m-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "vport 06ec-2v80m",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.1"
      },
      {
        "model": "camera vport 06ec-2v",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=1.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25848"
      }
    ]
  },
  "cve": "CVE-2021-25848",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-25848",
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-36217",
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-25848",
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-25848",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-36217",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202105-496",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-25848",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-25848"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-496"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25848"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet. Moxa Camera VPort 06EC-2V is a camera equipment of Taiwan Moxa (MOXA) Company. \n\r\n\r\nMoxa Camera VPort 06EC-2V has security vulnerabilities. The attacker can control the loop counter variable through the elaborate lldp data packet to obtain the leaked information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-25848"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-25848"
      }
    ],
    "trust": 1.53
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-25848",
        "trust": 2.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-496",
        "trust": 0.6
      },
      {
        "db": "OTHER",
        "id": "NONE",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-25848",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-25848"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-496"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25848"
      }
    ]
  },
  "id": "VAR-202105-0810",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "camera device"
        ],
        "sub_category": "camera",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      }
    ]
  },
  "last_update_date": "2025-01-30T20:07:07.108000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Moxa Camera VPort 06EC-2V has unspecified vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/266091"
      },
      {
        "title": "Moxa Camera VPort 06EC-2V Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151215"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-496"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-25848"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"
      },
      {
        "trust": 1.7,
        "url": "https://www.moxa.com/en/"
      },
      {
        "trust": 0.1,
        "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/125.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-25848"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-496"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25848"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "OTHER",
        "id": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-25848"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-496"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25848"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      },
      {
        "date": "2021-05-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-25848"
      },
      {
        "date": "2021-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-496"
      },
      {
        "date": "2021-05-10T11:15:07.937000",
        "db": "NVD",
        "id": "CVE-2021-25848"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      },
      {
        "date": "2021-05-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-25848"
      },
      {
        "date": "2021-05-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-496"
      },
      {
        "date": "2021-05-18T19:57:49.490000",
        "db": "NVD",
        "id": "CVE-2021-25848"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-496"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa Camera VPort 06EC-2V has unspecified vulnerabilities",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-36217"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-496"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2021-AVI-197

Vulnerability from certfr_avis - Published: 2021-03-16 - Updated: 2021-05-25

De multiples vulnérabilités ont été découvertes dans Moxa VPort. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Moxa	N/A	VPort séries 06EC-2V versions 1.1 et antérieures

References

Title

Publication Time

GHSA-6HJ5-2QM8-82C7

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01

Details

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "affected": [],
  "aliases": [
    "CVE-2021-25848"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-10T11:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.",
  "id": "GHSA-6hj5-2qm8-82c7",
  "modified": "2022-05-24T19:01:56Z",
  "published": "2022-05-24T19:01:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25848"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2021-36217

Vulnerability from cnvd - Published: 2021-05-21

Title

Moxa Camera VPort 06EC-2V存在未明漏洞

Description

Moxa Camera VPort 06EC-2V是中国台湾摩莎（MOXA）公司的一个摄像机设备。 Moxa Camera VPort 06EC-2V 存在安全漏洞。攻击者可通过精心制作的lldp数据包控制循环计数器变量从而获取泄露的信息。

Severity

高

Patch Name

Moxa Camera VPort 06EC-2V存在未明漏洞的补丁

Patch Description

Moxa Camera VPort 06EC-2V是中国台湾摩莎（MOXA）公司的一个摄像机设备。 Moxa Camera VPort 06EC-2V 存在安全漏洞。攻击者可通过精心制作的lldp数据包控制循环计数器变量从而获取泄露的信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities

Reference

https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities

Impacted products

Name
MOXA Camera VPort 06EC-2V <=1.1

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-25848"
    }
  },
  "description": "Moxa Camera VPort 06EC-2V\u662f\u4e2d\u56fd\u53f0\u6e7e\u6469\u838e\uff08MOXA\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u6444\u50cf\u673a\u8bbe\u5907\u3002\n\nMoxa Camera VPort 06EC-2V \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684lldp\u6570\u636e\u5305\u63a7\u5236\u5faa\u73af\u8ba1\u6570\u5668\u53d8\u91cf\u4ece\u800c\u83b7\u53d6\u6cc4\u9732\u7684\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-36217",
  "openTime": "2021-05-21",
  "patchDescription": "Moxa Camera VPort 06EC-2V\u662f\u4e2d\u56fd\u53f0\u6e7e\u6469\u838e\uff08MOXA\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u6444\u50cf\u673a\u8bbe\u5907\u3002\r\n\r\nMoxa Camera VPort 06EC-2V \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684lldp\u6570\u636e\u5305\u63a7\u5236\u5faa\u73af\u8ba1\u6570\u5668\u53d8\u91cf\u4ece\u800c\u83b7\u53d6\u6cc4\u9732\u7684\u4fe1\u606f\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moxa Camera VPort 06EC-2V\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "MOXA Camera VPort 06EC-2V \u003c=1.1"
  },
  "referenceLink": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities",
  "serverity": "\u9ad8",
  "submitTime": "2021-05-12",
  "title": "Moxa Camera VPort 06EC-2V\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

FKIE_CVE-2021-25848

Vulnerability from fkie_nvd - Published: 2021-05-10 11:15 - Updated: 2024-11-21 05:55

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	https://www.moxa.com/en/	Vendor Advisory
cve@mitre.org	https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.moxa.com/en/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities	Vendor Advisory

Impacted products

Vendor	Product	Version
moxa	vport_06ec-2v26m_firmware	*
moxa	vport_06ec-2v26m	-
moxa	vport_06ec-2v36m-t_firmware	*
moxa	vport_06ec-2v36m-t	-
moxa	vport_06ec-2v36m-ct_firmware	*
moxa	vport_06ec-2v36m-ct	-
moxa	vport_06ec-2v36m-ct-t_firmware	*
moxa	vport_06ec-2v36m-ct-t	-
moxa	vport_06ec-2v42m_firmware	*
moxa	vport_06ec-2v42m	-
moxa	vport_06ec-2v42m-t_firmware	*
moxa	vport_06ec-2v42m-t	-
moxa	vport_06ec-2v42m-ct_firmware	*
moxa	vport_06ec-2v42m-ct	-
moxa	vport_06ec-2v42m-ct-t_firmware	*
moxa	vport_06ec-2v42m-ct-t	-
moxa	vport_06ec-2v60m_firmware	*
moxa	vport_06ec-2v60m	-
moxa	vport_06ec-2v60m-t_firmware	*
moxa	vport_06ec-2v60m-t	-
moxa	vport_06ec-2v60m-ct_firmware	*
moxa	vport_06ec-2v60m-ct	-
moxa	vport_06ec-2v60m-ct-t_firmware	*
moxa	vport_06ec-2v60m-ct-t	-
moxa	vport_06ec-2v80m_firmware	*
moxa	vport_06ec-2v80m	-
moxa	vport_06ec-2v80m-t_firmware	*
moxa	vport_06ec-2v80m-t	-
moxa	vport_06ec-2v80m-ct_firmware	*
moxa	vport_06ec-2v80m-ct	-
moxa	vport_06ec-2v80m-ct-t_firmware	*
moxa	vport_06ec-2v80m-ct-t	-

JSON

To clipboard Create KEV Entry

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v26m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A045609-DB72-4D4E-96EB-F43A03E6AAE4",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v26m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB3C716-2ECC-44B7-9AD9-7F198ABE7B24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v36m-t_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F70B46-0F34-46DE-AE74-C7468E634285",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v36m-t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B868CC06-2F7F-4951-88BF-37488D52FC55",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v36m-ct_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E748BCD-CBB5-4FB2-9DE0-3B3B7E5304A5",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v36m-ct:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2B0E14-196A-47C2-A721-7DBF15E5F06F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v36m-ct-t_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F035BE-103B-466D-8AC7-1CEF91072C4D",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v36m-ct-t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A855BB2-C047-452E-9DD9-2C3233FAB568",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v42m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF372A2-E2D2-40B4-8BA5-205C53CDAF40",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v42m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "729825E5-E15A-487B-9FDD-153ED5488BA9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v42m-t_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8DCAC04-4AB7-47B8-A9F7-92EB8D4B4E81",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v42m-t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D940BF75-4F82-4D20-991E-BD4EB0F4ED1C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v42m-ct_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC04DAF-F491-4934-96FD-F86D51C81428",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v42m-ct:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1989369B-A59E-4281-8896-5EC6C6B035A7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v42m-ct-t_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E932C821-8B10-409C-BB75-839314C51799",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v42m-ct-t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EAB1E29-5138-4BDA-A314-4BCA75599600",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v60m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A92C31E4-45BB-4598-AB2C-BDA3BC8FF0A1",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v60m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C52196-9B1A-45BC-B14F-E2A1D7DDCDE8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v60m-t_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51442C2-72B1-4A5D-A6F2-DB41B8FE1219",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v60m-t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7E4C20-9544-4B83-8113-36F4AC9D55CD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v60m-ct_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D8EDFF-ED6D-452C-9BC9-80C678DF074F",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v60m-ct:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF751858-BDA7-4771-80D1-72106C418C96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v60m-ct-t_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34990DFD-AB95-4A6D-A480-BC68001D4965",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v60m-ct-t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CE0C80E-8849-4271-90F6-813371C84AE8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v80m_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A696CAEC-DF2A-4316-B7D6-1D7F841692E0",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v80m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBA1F22-198C-4DCB-9A82-D7B350B27B33",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v80m-t_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FB44FAB-EFE6-4D98-AFDD-7E466D1CC356",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v80m-t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "442FAF51-C13B-47B9-BC98-287778244A55",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v80m-ct_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73BCB213-2D83-40D2-913B-5331BEFFC53C",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v80m-ct:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89117711-F723-4AC6-AB0E-40B71CDB3E0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:vport_06ec-2v80m-ct-t_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5097591-8E80-42D1-A14A-5DD8EBF75EC0",
              "versionEndIncluding": "1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:vport_06ec-2v80m-ct-t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07DB8C8-41D7-462E-9AFD-C28ACBB3E0F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet."
    },
    {
      "lang": "es",
      "value": "Una comprobaci\u00f3n inapropiada del campo de longitud de LLDP-MED TLV en el archivo userdisk/vport_lldpd en Moxa Camera VPort 06EC-2V Series, versi\u00f3n 1.1, permite una divulgaci\u00f3n de informaci\u00f3n a los atacantes debido al uso de la variable de contador de bucle fijo sin comprobar la longitud real disponible por medio de un paquete lldp dise\u00f1ado"
    }
  ],
  "id": "CVE-2021-25848",
  "lastModified": "2024-11-21T05:55:31.543",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-10T11:15:07.937",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.moxa.com/en/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.moxa.com/en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-25848 (GCVE-0-2021-25848)

GSD-2021-25848

VAR-202105-0810

CERTFR-2021-AVI-197

Solution

GHSA-6HJ5-2QM8-82C7

CNVD-2021-36217

FKIE_CVE-2021-25848

Tags

Sightings

Nomenclature