Sign-up

ID

VAR-202102-1371


CVE

CVE-2021-27140


TITLE

FiberHome HG6245D  Vulnerability in plaintext storage of important information on devices

Trust: 0.8

sources: JVNDB: JVNDB-2021-003576

DESCRIPTION

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs. FiberHome HG6245D A device contains a vulnerability in the plaintext storage of important information.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2021-27140 // JVNDB: JVNDB-2021-003576

AFFECTED PRODUCTS

vendor:fiberhomemodel:hg6245dscope:lteversion:rp2613

Trust: 1.0

vendor:fiberhome groupmodel:hg6245dscope:lteversion:hg6245d firmware rp2613 until

Trust: 0.8

vendor:fiberhome groupmodel:hg6245dscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003576 // NVD: CVE-2021-27140

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27140
value: HIGH

Trust: 1.0

NVD: CVE-2021-27140
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202102-959
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-27140
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-27140
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-27140
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-003576 // CNNVD: CNNVD-202102-959 // NVD: CVE-2021-27140

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:Plaintext storage of important information (CWE-312) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003576 // NVD: CVE-2021-27140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-959

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202102-959

PATCH

title:Top Pageurl:http://www.fiberhome.com/default.aspx

Trust: 0.8

title:Fiber Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142289

Trust: 0.6

sources: JVNDB: JVNDB-2021-003576 // CNNVD: CNNVD-202102-959

EXTERNAL IDS

db:NVDid:CVE-2021-27140

Trust: 2.4

db:JVNDBid:JVNDB-2021-003576

Trust: 0.8

db:CNNVDid:CNNVD-202102-959

Trust: 0.6

sources: JVNDB: JVNDB-2021-003576 // CNNVD: CNNVD-202102-959 // NVD: CVE-2021-27140

REFERENCES

url:https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-passwords-logs

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-27140

Trust: 0.8

url:httpd-passwords-logs

Trust: 0.6

url:https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#

Trust: 0.6

sources: JVNDB: JVNDB-2021-003576 // CNNVD: CNNVD-202102-959 // NVD: CVE-2021-27140

SOURCES

db:JVNDBid:JVNDB-2021-003576
db:CNNVDid:CNNVD-202102-959
db:NVDid:CVE-2021-27140

LAST UPDATE DATE

2024-11-23T23:07:39.260000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2021-003576date:2021-10-28T07:38:00
db:CNNVDid:CNNVD-202102-959date:2021-03-09T00:00:00
db:NVDid:CVE-2021-27140date:2024-11-21T05:57:23.720

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2021-003576date:2021-10-28T00:00:00
db:CNNVDid:CNNVD-202102-959date:2021-02-10T00:00:00
db:NVDid:CVE-2021-27140date:2021-02-10T19:15:12.683