Details of VAR-202102-0900

ID

VAR-202102-0900

CVE

CVE-2021-20067

TITLE

Racom MIDGE Information leakage vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-003829

DESCRIPTION

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. Racom MIDGE There is an information leakage vulnerability in the firmware.Information may be obtained. RACOM M!DGE is a cellular router designed for mission-critical applications such as SCADA and telemetry, and is very suitable for many different wireless applications

Trust: 2.16

sources: NVD: CVE-2021-20067 // JVNDB: JVNDB-2021-003829 // CNVD: CNVD-2021-12626

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-12626

AFFECTED PRODUCTS

vendor:	racom	model:	m\!dge	scope:	eq	version:	4.4.40.105	Trust: 1.0
vendor:	racom	model:	midge	scope:	eq	version:	midge firmware 4.4.40.105	Trust: 0.8
vendor:	racom	model:	midge	scope:	eq	version:	-	Trust: 0.8
vendor:	racom	model:	m!dge	scope:	eq	version:	4.4.40.105	Trust: 0.6

sources: CNVD: CNVD-2021-12626 // JVNDB: JVNDB-2021-003829 // NVD: CVE-2021-20067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20067
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-20067
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-12626
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-1244
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-20067
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-12626
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20067
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-20067
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-12626 // JVNDB: JVNDB-2021-003829 // CNNVD: CNNVD-202102-1244 // NVD: CVE-2021-20067

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003829 // NVD: CVE-2021-20067

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1244

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202102-1244

PATCH

title:

Top Page

url:

https://www.racom.eu/

Trust: 0.8

sources: JVNDB: JVNDB-2021-003829

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20067	Trust: 3.0
db:	TENABLE	id:	TRA-2021-04	Trust: 2.4
db:	JVNDB	id:	JVNDB-2021-003829	Trust: 0.8
db:	CNVD	id:	CNVD-2021-12626	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-1244	Trust: 0.6

sources: CNVD: CNVD-2021-12626 // JVNDB: JVNDB-2021-003829 // CNNVD: CNNVD-202102-1244 // NVD: CVE-2021-20067

REFERENCES

url:	https://www.tenable.com/security/research/tra-2021-04	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20067	Trust: 2.0

sources: CNVD: CNVD-2021-12626 // JVNDB: JVNDB-2021-003829 // CNNVD: CNNVD-202102-1244 // NVD: CVE-2021-20067

SOURCES

db:	CNVD	id:	CNVD-2021-12626
db:	JVNDB	id:	JVNDB-2021-003829
db:	CNNVD	id:	CNNVD-202102-1244
db:	NVD	id:	CVE-2021-20067

LAST UPDATE DATE

2024-11-23T21:58:48.150000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-12626	date:	2021-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-003829	date:	2021-11-05T09:02:00
db:	CNNVD	id:	CNNVD-202102-1244	date:	2021-03-01T00:00:00
db:	NVD	id:	CVE-2021-20067	date:	2024-11-21T05:45:51.857

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-12626	date:	2021-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-003829	date:	2021-11-05T00:00:00
db:	CNNVD	id:	CNNVD-202102-1244	date:	2021-02-16T00:00:00
db:	NVD	id:	CVE-2021-20067	date:	2021-02-16T20:15:15.923