CVE-2021-20636

{"id": "CVE-2021-20636", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-02-12T07:15:14.543", "references": [{"url": "https://jvn.jp/en/jp/JVN96783542/index.html", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.elecom.co.jp/news/security/20210126-01/", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN96783542/index.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.elecom.co.jp/news/security/20210126-01/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en LOGITEC LAN-W300N/PR5B, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores por medio de una URL especialmente dise\u00f1ada. Como resultado, se pueden realizar operaciones no deseadas en el dispositivo, como cambios en la configuraci\u00f3n del dispositivo"}], "lastModified": "2024-11-21T05:46:55.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:logitech:lan-w300n\\/pr5b_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8390BE37-91F5-4B1B-B121-BF6147A79836"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:logitech:lan-w300n\\/pr5b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4DC81E4C-AFD0-400D-9C51-D091D513A374"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}