Details of VAR-202102-1422

ID

VAR-202102-1422

CVE

CVE-2021-27179

TITLE

FiberHome HG6245D Input verification vulnerability in device

Trust: 0.8

sources: JVNDB: JVNDB-2021-003397

DESCRIPTION

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string. FiberHome HG6245D The device contains an input verification vulnerability.Denial of service (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. FiberHome HG6245D has a denial of service vulnerability. An attacker can exploit this vulnerability by sending a specific string to cause the telnet daemon to crash

Trust: 2.16

sources: NVD: CVE-2021-27179 // JVNDB: JVNDB-2021-003397 // CNVD: CNVD-2021-11354

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-11354

AFFECTED PRODUCTS

vendor:	fiberhome	model:	hg6245d	scope:	lte	version:	rp2613	Trust: 1.0
vendor:	fiberhome group	model:	hg6245d	scope:	lte	version:	hg6245d firmware rp2613 until	Trust: 0.8
vendor:	fiberhome group	model:	hg6245d	scope:	eq	version:	-	Trust: 0.8
vendor:	fiberhome	model:	hg6245d	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-11354 // JVNDB: JVNDB-2021-003397 // NVD: CVE-2021-27179

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27179
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-27179
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-11354
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-998
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-27179
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-11354
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-27179
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-27179
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-11354 // JVNDB: JVNDB-2021-003397 // CNNVD: CNNVD-202102-998 // NVD: CVE-2021-27179

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003397 // NVD: CVE-2021-27179

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-998

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202102-998

PATCH

title:	Top Page	url:	http://www.fiberhome.com/default.aspx	Trust: 0.8
title:	FiberHome HG6245D devices Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142617	Trust: 0.6

sources: JVNDB: JVNDB-2021-003397 // CNNVD: CNNVD-202102-998

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27179	Trust: 3.0
db:	JVNDB	id:	JVNDB-2021-003397	Trust: 0.8
db:	CNVD	id:	CNVD-2021-11354	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-998	Trust: 0.6

sources: CNVD: CNVD-2021-11354 // JVNDB: JVNDB-2021-003397 // CNNVD: CNNVD-202102-998 // NVD: CVE-2021-27179

REFERENCES

url:	https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet-cli-dos	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27179	Trust: 2.0

sources: CNVD: CNVD-2021-11354 // JVNDB: JVNDB-2021-003397 // CNNVD: CNNVD-202102-998 // NVD: CVE-2021-27179

SOURCES

db:	CNVD	id:	CNVD-2021-11354
db:	JVNDB	id:	JVNDB-2021-003397
db:	CNNVD	id:	CNNVD-202102-998
db:	NVD	id:	CVE-2021-27179

LAST UPDATE DATE

2024-11-23T23:01:04.672000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-11354	date:	2021-02-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-003397	date:	2021-10-26T06:36:00
db:	CNNVD	id:	CNNVD-202102-998	date:	2021-02-24T00:00:00
db:	NVD	id:	CVE-2021-27179	date:	2024-11-21T05:57:30.020

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-11354	date:	2021-02-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-003397	date:	2021-10-26T00:00:00
db:	CNNVD	id:	CNNVD-202102-998	date:	2021-02-10T00:00:00
db:	NVD	id:	CVE-2021-27179	date:	2021-02-10T19:15:15.573