CVE-2021-20641

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://jvn.jp/en/jp/JVN96783542/index.html	Third Party Advisory
https://www.elecom.co.jp/news/security/20210126-01/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:logitech:lan-w300n\/rs_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:logitech:lan-w300n\/rs:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-02-12 07:15

Updated : 2024-02-28 18:08

NVD link : CVE-2021-20641

Mitre link : CVE-2021-20641

CVE.ORG link : CVE-2021-20641

JSON object : View

Products Affected

logitech

lan-w300n\/rs
lan-w300n\/rs_firmware

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2021-20641", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-02-12T07:15:14.873", "references": [{"url": "https://jvn.jp/en/jp/JVN96783542/index.html", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.elecom.co.jp/news/security/20210126-01/", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en LOGITEC LAN-W300N/RS, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores por medio de una URL especialmente dise\u00f1ada. Como resultado, se pueden realizar operaciones no deseadas en el dispositivo, como cambios en la configuraci\u00f3n del dispositivo"}], "lastModified": "2022-02-10T19:47:52.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:logitech:lan-w300n\\/rs_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58C9E26A-BDBC-44AD-AC82-A75B6D01868A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:logitech:lan-w300n\\/rs:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D0B570C-E90F-4AE1-80F5-1083DB612F1D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}