Details of VAR-202104-1191

ID

VAR-202104-1191

CVE

CVE-2021-28075

TITLE

iKuaiOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-005295

DESCRIPTION

iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. iKuaiOS Contains an unspecified vulnerability.Information may be obtained. The business scope of Quanxun Convergence Network Technology (Beijing) Co., Ltd. includes: Internet information services; technology development, technology services, technology consulting, technology transfer, technology promotion, etc

Trust: 2.25

sources: NVD: CVE-2021-28075 // JVNDB: JVNDB-2021-005295 // CNVD: CNVD-2021-03496 // VULMON: CVE-2021-28075

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-03496

AFFECTED PRODUCTS

vendor:	ikuai8	model:	ikuaios	scope:	eq	version:	3.4.8	Trust: 1.0
vendor:	ikuai	model:	ikuaios	scope:	eq	version:	3.4.8 build 202012291059	Trust: 0.8
vendor:	ikuai	model:	ikuaios	scope:	eq	version:	-	Trust: 0.8
vendor:	quanxun convergence network	model:	ikuaios build202012291059	scope:	eq	version:	3.4.8	Trust: 0.6

sources: CNVD: CNVD-2021-03496 // JVNDB: JVNDB-2021-005295 // NVD: CVE-2021-28075

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-28075
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-28075
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-03496
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-384
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-28075
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-28075
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-03496
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-28075
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-28075
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-03496 // VULMON: CVE-2021-28075 // JVNDB: JVNDB-2021-005295 // CNNVD: CNNVD-202104-384 // NVD: CVE-2021-28075

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-005295 // NVD: CVE-2021-28075

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-384

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-384

PATCH

title:	Top Page	url:	https://www.ikuai8.com/	Trust: 0.8
title:	iKuai OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147313	Trust: 0.6

sources: JVNDB: JVNDB-2021-005295 // CNNVD: CNNVD-202104-384

EXTERNAL IDS

db:	NVD	id:	CVE-2021-28075	Trust: 3.3
db:	CNVD	id:	CNVD-2021-03496	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-005295	Trust: 0.8
db:	CNNVD	id:	CNNVD-202104-384	Trust: 0.6
db:	VULMON	id:	CVE-2021-28075	Trust: 0.1

sources: CNVD: CNVD-2021-03496 // VULMON: CVE-2021-28075 // JVNDB: JVNDB-2021-005295 // CNNVD: CNNVD-202104-384 // NVD: CVE-2021-28075

REFERENCES

url:	https://www.cnvd.org.cn/flaw/show/cnvd-2021-03496	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28075	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-28075 // JVNDB: JVNDB-2021-005295 // CNNVD: CNNVD-202104-384 // NVD: CVE-2021-28075

SOURCES

db:	CNVD	id:	CNVD-2021-03496
db:	VULMON	id:	CVE-2021-28075
db:	JVNDB	id:	JVNDB-2021-005295
db:	CNNVD	id:	CNNVD-202104-384
db:	NVD	id:	CVE-2021-28075

LAST UPDATE DATE

2024-11-23T21:58:41.325000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-03496	date:	2021-01-21T00:00:00
db:	VULMON	id:	CVE-2021-28075	date:	2021-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-005295	date:	2021-12-10T07:31:00
db:	CNNVD	id:	CNNVD-202104-384	date:	2021-04-19T00:00:00
db:	NVD	id:	CVE-2021-28075	date:	2024-11-21T05:59:03.617

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-03496	date:	2021-02-22T00:00:00
db:	VULMON	id:	CVE-2021-28075	date:	2021-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-005295	date:	2021-12-10T00:00:00
db:	CNNVD	id:	CNNVD-202104-384	date:	2021-04-06T00:00:00
db:	NVD	id:	CVE-2021-28075	date:	2021-04-06T13:15:14.433