CVE-2021-20843

EUVD-2021-8253
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
yamahartx830_firmware
𝑥
≤ 15.02.17
yamahanvr510_firmware
𝑥
≤ 15.01.18
yamahanvr700w_firmware
𝑥
≤ 15.00.19
yamahartx1210_firmware
𝑥
≤ 14.01.38
ntt-westbiz_box_rtx830_firmware
𝑥
≤ 15.02.17
ntt-westbiz_box_nvr510_firmware
𝑥
< 15.01.18
ntt-westbiz_box_nvr700w_firmware
𝑥
≤ 15.00.19
ntt-westbiz_box_rtx1210_firmware
𝑥
≤ 14.01.38
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html
https://business.ntt-east.co.jp/topics/2021/11_09.html
https://jvn.jp/en/vu/JVNVU91161784/index.html
https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html
https://business.ntt-east.co.jp/topics/2021/11_09.html
https://jvn.jp/en/vu/JVNVU91161784/index.html
https://www.ntt-west.co.jp/smb/kiki_info/info/211109.html