CVE-2021-20676

M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to bypass access restriction and conduct prohibited operations via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
m-systemdl8-a_firmware
𝑥
< 3.0.81
m-systemdl8-b_firmware
𝑥
< 3.0.77
m-systemdl8-c_firmware
𝑥
< 3.0.99
m-systemdl8-d_firmware
𝑥
< 3.0.91
m-systemdl8-e_firmware
𝑥
< 3.0.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/en/jp/JVN47497535/index.html
https://www.m-system.co.jp/download_w/dl_dl8updaterE.html
https://jvn.jp/en/jp/JVN47497535/index.html
https://www.m-system.co.jp/download_w/dl_dl8updaterE.html