Details of VAR-202102-1413

ID

VAR-202102-1413

CVE

CVE-2021-27170

TITLE

FiberHome HG6245D devices default configuration problem vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-18377 // CNNVD: CNNVD-202102-990

DESCRIPTION

An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. FiberHome HG6245D A device contains a vulnerability in the insecure storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function

Trust: 2.16

sources: NVD: CVE-2021-27170 // JVNDB: JVNDB-2021-003427 // CNVD: CNVD-2021-18377

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-18377

AFFECTED PRODUCTS

vendor:	fiberhome	model:	hg6245d	scope:	lte	version:	rp2613	Trust: 1.0
vendor:	fiberhome group	model:	hg6245d	scope:	lte	version:	hg6245d firmware rp2613 until	Trust: 0.8
vendor:	fiberhome group	model:	hg6245d	scope:	eq	version:	-	Trust: 0.8
vendor:	fiberhome	model:	hg6245d devices	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-18377 // JVNDB: JVNDB-2021-003427 // NVD: CVE-2021-27170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27170
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-27170
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-18377
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-990
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2021-27170
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-18377
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-27170
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-27170
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-18377 // JVNDB: JVNDB-2021-003427 // CNNVD: CNNVD-202102-990 // NVD: CVE-2021-27170

PROBLEMTYPE DATA

problemtype:	CWE-922	Trust: 1.0
problemtype:	Insecure storage of important information (CWE-922) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003427 // NVD: CVE-2021-27170

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-990

TYPE

Default configuration problem

Trust: 0.6

sources: CNNVD: CNNVD-202102-990

PATCH

title:	Top Page	url:	http://www.fiberhome.com/default.aspx	Trust: 0.8
title:	Patch for FiberHome HG6245D devices default configuration problem vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/253651	Trust: 0.6
title:	Fiber Repair measures for default configuration problems	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142316	Trust: 0.6

sources: CNVD: CNVD-2021-18377 // JVNDB: JVNDB-2021-003427 // CNNVD: CNNVD-202102-990

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27170	Trust: 3.0
db:	JVNDB	id:	JVNDB-2021-003427	Trust: 0.8
db:	CNVD	id:	CNVD-2021-18377	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-990	Trust: 0.6

sources: CNVD: CNVD-2021-18377 // JVNDB: JVNDB-2021-003427 // CNNVD: CNNVD-202102-990 // NVD: CVE-2021-27170

REFERENCES

url:	https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#insecure-ipv6	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27170	Trust: 1.4
url:	https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#insecure	Trust: 0.6

sources: CNVD: CNVD-2021-18377 // JVNDB: JVNDB-2021-003427 // CNNVD: CNNVD-202102-990 // NVD: CVE-2021-27170

SOURCES

db:	CNVD	id:	CNVD-2021-18377
db:	JVNDB	id:	JVNDB-2021-003427
db:	CNNVD	id:	CNNVD-202102-990
db:	NVD	id:	CVE-2021-27170

LAST UPDATE DATE

2024-11-23T23:07:39.207000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-18377	date:	2021-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-003427	date:	2021-10-26T08:51:00
db:	CNNVD	id:	CNNVD-202102-990	date:	2021-03-09T00:00:00
db:	NVD	id:	CVE-2021-27170	date:	2024-11-21T05:57:28.113

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-18377	date:	2021-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-003427	date:	2021-10-26T00:00:00
db:	CNNVD	id:	CNNVD-202102-990	date:	2021-02-10T00:00:00
db:	NVD	id:	CVE-2021-27170	date:	2021-02-10T19:15:14.950