Vulnerability-Lookup

CVE-2021-38701 (GCVE-0-2021-38701)

Vulnerability from cvelistv5 – Published: 2021-12-15 06:53 – Updated: 2024-08-04 01:51

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CNVD-2022-05016

Vulnerability from cnvd - Published: 2022-01-19

Title

Motorola Solutions Avigilon跨站脚本漏洞

Description

Motorola Solutions Avigilon是美国Motorola Solutions公司的一系列安全摄像头。 Motorola Solutions Avigilon 存在跨站脚本漏洞，该漏洞源于缺少对用户提供的数据和输出的数据校验过滤。攻击者可利用该漏洞在客户端执行JavaScript代码。

Severity

低

Patch Name

Motorola Solutions Avigilon跨站脚本漏洞的补丁

Patch Description

Motorola Solutions Avigilon是美国Motorola Solutions公司的一系列安全摄像头。 Motorola Solutions Avigilon 存在跨站脚本漏洞，该漏洞源于缺少对用户提供的数据和输出的数据校验过滤。攻击者可利用该漏洞在客户端执行JavaScript代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.motorolasolutions.com/en_us/about/trust-center/security.html。

Reference

https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY

Impacted products

Name
['Motorola Avigilon T200 <4.10.0.68', 'Motorola Avigilon T201 <4.10.0.68', 'Motorola Avigilon T290 <4.4.0.80', 'Motorola Avigilon T008 <2.2.0.86', 'Motorola Avigilon T205 <4.12.0.62', 'Motorola Avigilon T204 <3.28.0.166', 'Motorola Avigilon T100 <2.6.0.180', 'Motorola Avigilon T101 <2.6.0.180', 'Motorola Avigilon T102 <2.6.0.180', 'Motorola Avigilon T103 <2.6.0.180']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-38701",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-38701"
    }
  },
  "description": "Motorola Solutions Avigilon\u662f\u7f8e\u56fdMotorola Solutions\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u5b89\u5168\u6444\u50cf\u5934\u3002\n\nMotorola Solutions Avigilon \u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u5c11\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u6821\u9a8c\u8fc7\u6ee4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5ba2\u6237\u7aef\u6267\u884cJavaScript\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.motorolasolutions.com/en_us/about/trust-center/security.html\u3002",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-05016",
  "openTime": "2022-01-19",
  "patchDescription": "Motorola Solutions Avigilon\u662f\u7f8e\u56fdMotorola Solutions\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u5b89\u5168\u6444\u50cf\u5934\u3002\r\n\r\nMotorola Solutions Avigilon \u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u5c11\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u6821\u9a8c\u8fc7\u6ee4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5ba2\u6237\u7aef\u6267\u884cJavaScript\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Motorola Solutions Avigilon\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Motorola Avigilon T200 \u003c4.10.0.68",
      "Motorola Avigilon T201 \u003c4.10.0.68",
      "Motorola Avigilon T290 \u003c4.4.0.80",
      "Motorola Avigilon T008 \u003c2.2.0.86",
      "Motorola Avigilon T205 \u003c4.12.0.62",
      "Motorola Avigilon T204 \u003c3.28.0.166",
      "Motorola Avigilon T100 \u003c2.6.0.180",
      "Motorola Avigilon T101 \u003c2.6.0.180",
      "Motorola Avigilon T102 \u003c2.6.0.180",
      "Motorola Avigilon T103 \u003c2.6.0.180"
    ]
  },
  "referenceLink": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY",
  "serverity": "\u4f4e",
  "submitTime": "2021-12-19",
  "title": "Motorola Solutions Avigilon\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

GHSA-M7PX-CHFM-QXC5

Vulnerability from github – Published: 2021-12-16 00:02 – Updated: 2021-12-23 00:02

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-38701"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T07:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180.",
  "id": "GHSA-m7px-chfm-qxc5",
  "modified": "2021-12-23T00:02:14Z",
  "published": "2021-12-16T00:02:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38701"
    },
    {
      "type": "WEB",
      "url": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY"
    },
    {
      "type": "WEB",
      "url": "https://www.motorolasolutions.com/en_us/about/trust-center/security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2021-38701

Vulnerability from fkie_nvd - Published: 2021-12-15 07:15 - Updated: 2024-11-21 06:17

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY	Vendor Advisory
cve@mitre.org	https://www.motorolasolutions.com/en_us/about/trust-center/security.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.motorolasolutions.com/en_us/about/trust-center/security.html	Vendor Advisory

Impacted products

Vendor	Product	Version
motorola	t008_firmware	*
motorola	t008	-
motorola	t100_firmware	*
motorola	t100	-
motorola	t101_firmware	*
motorola	t101	-
motorola	t102_firmware	*
motorola	t102	-
motorola	t103_firmware	*
motorola	t103	-
motorola	t200_firmware	*
motorola	t200	-
motorola	t201_firmware	*
motorola	t201	-
motorola	t204_firmware	*
motorola	t204	-
motorola	t205_firmware	*
motorola	t205	-
motorola	t290_firmware	*
motorola	t290	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:motorola:t008_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD42F596-151C-43BF-821C-1157F58EF750",
              "versionEndExcluding": "2.2.0.86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:motorola:t008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14021E52-2D46-4C9F-A004-85DA30D53C0B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:motorola:t100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F78434DC-8D0E-4ABA-8FF2-84611D215F96",
              "versionEndExcluding": "2.6.0.180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:motorola:t100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF5D73D-15F4-4FAF-9BCA-3C43B992DBF6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:motorola:t101_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4690115-A15D-4984-9D1C-F64D2760A98E",
              "versionEndExcluding": "2.6.0.180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:motorola:t101:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B178C9-6B65-4175-845B-54468AF25FF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:motorola:t102_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B4B6E2-377F-4311-A74E-422AD6C00559",
              "versionEndExcluding": "2.6.0.180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:motorola:t102:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47D0AE7-05E3-4E9A-A948-591500CBA5C9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:motorola:t103_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E638D409-219A-4FAA-BFDE-97DC142698CD",
              "versionEndExcluding": "2.6.0.180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:motorola:t103:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "985191A5-6159-4E74-9522-0F1CD6C66A4E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:motorola:t200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "748E41DD-08E0-4D31-B4F6-08475B89303D",
              "versionEndExcluding": "4.10.0.68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:motorola:t200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43B84A6-833D-4AA1-9BD5-860521BF4297",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:motorola:t201_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "384EC8FE-DF26-4707-807C-5CF33D8283A0",
              "versionEndExcluding": "4.10.0.68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:motorola:t201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAC7B880-5BE4-498C-9204-26ABA5EA29F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:motorola:t204_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAB44E1-E0BA-40AF-AEB8-6A6E69BE400D",
              "versionEndExcluding": "3.28.0.166",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:motorola:t204:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10037964-91DC-44C6-8CBE-69BCD3B8622D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:motorola:t205_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49ADCACA-11CF-42D8-811D-2279F069165F",
              "versionEndExcluding": "4.12.0.62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:motorola:t205:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0576B7DA-85AA-4312-ABE4-82C1B68C1747",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:motorola:t290_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF7DF80-0D08-4205-B1BF-1AEBAB37B9FC",
              "versionEndExcluding": "4.4.0.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:motorola:t290:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8989C8-27A7-48EE-A1AE-F1F5AF47439F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180."
    },
    {
      "lang": "es",
      "value": "Determinados dispositivos Avigilon de Motorola Solutions permiten un ataque de tipo XSS en la interfaz de usuario administrativa. Esto afecta a dispositivos T200/201 versiones anteriores a 4.10.0.68; T290 versiones anteriores a 4.4.0.80; T008 versiones anteriores a 2.2.0.86; T205 versiones anteriores a 4.12.0.62; T204 versiones anteriores a 3.28.0.166; y T100, T101, T102 y T103 versiones anteriores a 2.6.0.180"
    }
  ],
  "id": "CVE-2021-38701",
  "lastModified": "2024-11-21T06:17:56.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-15T07:15:07.027",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.motorolasolutions.com/en_us/about/trust-center/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.motorolasolutions.com/en_us/about/trust-center/security.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202112-0572

Vulnerability from variot - Updated: 2024-08-14 13:23

Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180. plural Motorola Solutions Avigilon A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. Motorola Solutions Avigilon is a series of security cameras from Motorola Solutions in the United States. An attacker could exploit this vulnerability to execute JavaScript code on the client side

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0572",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "t101",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motorola",
        "version": "2.6.0.180"
      },
      {
        "model": "t103",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motorola",
        "version": "2.6.0.180"
      },
      {
        "model": "t201",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motorola",
        "version": "4.10.0.68"
      },
      {
        "model": "t008",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motorola",
        "version": "2.2.0.86"
      },
      {
        "model": "t200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motorola",
        "version": "4.10.0.68"
      },
      {
        "model": "t204",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motorola",
        "version": "3.28.0.166"
      },
      {
        "model": "t102",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motorola",
        "version": "2.6.0.180"
      },
      {
        "model": "t205",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motorola",
        "version": "4.12.0.62"
      },
      {
        "model": "t290",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motorola",
        "version": "4.4.0.80"
      },
      {
        "model": "t100",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "motorola",
        "version": "2.6.0.180"
      },
      {
        "model": "t204",
        "scope": null,
        "trust": 0.8,
        "vendor": "motorola",
        "version": null
      },
      {
        "model": "t103",
        "scope": null,
        "trust": 0.8,
        "vendor": "motorola",
        "version": null
      },
      {
        "model": "t008",
        "scope": null,
        "trust": 0.8,
        "vendor": "motorola",
        "version": null
      },
      {
        "model": "t201",
        "scope": null,
        "trust": 0.8,
        "vendor": "motorola",
        "version": null
      },
      {
        "model": "t290",
        "scope": null,
        "trust": 0.8,
        "vendor": "motorola",
        "version": null
      },
      {
        "model": "t101",
        "scope": null,
        "trust": 0.8,
        "vendor": "motorola",
        "version": null
      },
      {
        "model": "t102",
        "scope": null,
        "trust": 0.8,
        "vendor": "motorola",
        "version": null
      },
      {
        "model": "t100",
        "scope": null,
        "trust": 0.8,
        "vendor": "motorola",
        "version": null
      },
      {
        "model": "t200",
        "scope": null,
        "trust": 0.8,
        "vendor": "motorola",
        "version": null
      },
      {
        "model": "t205",
        "scope": null,
        "trust": 0.8,
        "vendor": "motorola",
        "version": null
      },
      {
        "model": "avigilon t200",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motorola",
        "version": "4.10.0.68"
      },
      {
        "model": "avigilon t201",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motorola",
        "version": "4.10.0.68"
      },
      {
        "model": "avigilon t290",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motorola",
        "version": "4.4.0.80"
      },
      {
        "model": "avigilon t008",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motorola",
        "version": "2.2.0.86"
      },
      {
        "model": "avigilon t205",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motorola",
        "version": "4.12.0.62"
      },
      {
        "model": "avigilon t204",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motorola",
        "version": "3.28.0.166"
      },
      {
        "model": "avigilon t100",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motorola",
        "version": "2.6.0.180"
      },
      {
        "model": "avigilon t101",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motorola",
        "version": "2.6.0.180"
      },
      {
        "model": "avigilon t102",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motorola",
        "version": "2.6.0.180"
      },
      {
        "model": "avigilon t103",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "motorola",
        "version": "2.6.0.180"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016798"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38701"
      }
    ]
  },
  "cve": "CVE-2021-38701",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2021-38701",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2022-05016",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.7,
            "id": "CVE-2021-38701",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2021-38701",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-38701",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-38701",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-05016",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202112-1328",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016798"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1328"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38701"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180. plural Motorola Solutions Avigilon A cross-site scripting vulnerability exists in the device.Information may be obtained and information may be tampered with. Motorola Solutions Avigilon is a series of security cameras from Motorola Solutions in the United States. An attacker could exploit this vulnerability to execute JavaScript code on the client side",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-38701"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016798"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-38701",
        "trust": 3.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016798",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1328",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016798"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1328"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38701"
      }
    ]
  },
  "id": "VAR-202112-0572",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      }
    ],
    "trust": 1.2666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:23:03.484000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Welcome\u00a0to\u00a0Your\u00a0Avigilon\u00a0Support\u00a0Community Motorola\u00a0Solutions,\u00a0Inc",
        "trust": 0.8,
        "url": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY"
      },
      {
        "title": "Patch for Motorola Solutions Avigilon Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/314696"
      },
      {
        "title": "Motorola Solutions Avigilon Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174667"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016798"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1328"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016798"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38701"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://support.avigilon.com/s/feed/0d54y00006l9ecmcay"
      },
      {
        "trust": 1.6,
        "url": "https://www.motorolasolutions.com/en_us/about/trust-center/security.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38701"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016798"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1328"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38701"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016798"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1328"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-38701"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      },
      {
        "date": "2022-12-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-016798"
      },
      {
        "date": "2021-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-1328"
      },
      {
        "date": "2021-12-15T07:15:07.027000",
        "db": "NVD",
        "id": "CVE-2021-38701"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      },
      {
        "date": "2022-12-22T05:16:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-016798"
      },
      {
        "date": "2021-12-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-1328"
      },
      {
        "date": "2021-12-22T19:20:31.100000",
        "db": "NVD",
        "id": "CVE-2021-38701"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1328"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Motorola Solutions Avigilon Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-05016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1328"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1328"
      }
    ],
    "trust": 0.6
  }
}

GSD-2021-38701

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-38701

Aliases

CVE-2021-38701

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-38701",
    "description": "Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180.",
    "id": "GSD-2021-38701"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-38701"
      ],
      "details": "Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180.",
      "id": "GSD-2021-38701",
      "modified": "2023-12-13T01:23:17.395782Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-38701",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.motorolasolutions.com/en_us/about/trust-center/security.html",
            "refsource": "MISC",
            "url": "https://www.motorolasolutions.com/en_us/about/trust-center/security.html"
          },
          {
            "name": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY",
            "refsource": "CONFIRM",
            "url": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:motorola:t008_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.2.0.86",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:motorola:t008:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:motorola:t100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.0.180",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:motorola:t100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:motorola:t101_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.0.180",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:motorola:t101:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:motorola:t102_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.0.180",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:motorola:t102:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:motorola:t103_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.6.0.180",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:motorola:t103:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:motorola:t200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.10.0.68",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:motorola:t200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:motorola:t201_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.10.0.68",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:motorola:t201:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:motorola:t204_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.28.0.166",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:motorola:t204:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:motorola:t205_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.12.0.62",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:motorola:t205:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:motorola:t290_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.4.0.80",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:motorola:t290:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-38701"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.avigilon.com/s/feed/0D54y00006l9eCMCAY"
            },
            {
              "name": "https://www.motorolasolutions.com/en_us/about/trust-center/security.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.motorolasolutions.com/en_us/about/trust-center/security.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.7,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-12-22T19:20Z",
      "publishedDate": "2021-12-15T07:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-38701 (GCVE-0-2021-38701)

CNVD-2022-05016

GHSA-M7PX-CHFM-QXC5

FKIE_CVE-2021-38701

VAR-202112-0572

GSD-2021-38701

Tags

Sightings

Nomenclature