Details of VAR-202104-1549

ID

VAR-202104-1549

CVE

CVE-2021-3460

TITLE

Motorola MH702 trust management issue vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-33240 // CNNVD: CNNVD-202104-843

DESCRIPTION

The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker. Motorola MH702 is a router of Motorola (Motorola), USA. Motorola MH702x devices versions prior to 2.0.0.301 have a trust management issue vulnerability. Attackers can use the vulnerability to access the communication channel

Trust: 1.53

sources: NVD: CVE-2021-3460 // CNVD: CNVD-2021-33240 // VULMON: CVE-2021-3460

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-33240

AFFECTED PRODUCTS

vendor:	motorola	model:	mh702x	scope:	lt	version:	2.0.0.301	Trust: 1.0
vendor:	motorola	model:	mh702x device	scope:	lt	version:	2.0.0.301	Trust: 0.6

sources: CNVD: CNVD-2021-33240 // NVD: CVE-2021-3460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-3460
value:	CRITICAL
Trust: 1.0
psirt@lenovo.com:	CVE-2021-3460
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-33240
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-843
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-3460
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-3460
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-33240
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-3460
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@lenovo.com:	CVE-2021-3460
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-33240 // VULMON: CVE-2021-3460 // CNNVD: CNNVD-202104-843 // NVD: CVE-2021-3460 // NVD: CVE-2021-3460

PROBLEMTYPE DATA

problemtype:

CWE-295

Trust: 1.0

sources: NVD: CVE-2021-3460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-843

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202104-843

PATCH

title:

Patch for Motorola MH702 trust management issue vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/263951

Trust: 0.6

sources: CNVD: CNVD-2021-33240

EXTERNAL IDS

db:	NVD	id:	CVE-2021-3460	Trust: 2.3
db:	CNVD	id:	CNVD-2021-33240	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-843	Trust: 0.6
db:	VULMON	id:	CVE-2021-3460	Trust: 0.1

sources: CNVD: CNVD-2021-33240 // VULMON: CVE-2021-3460 // CNNVD: CNNVD-202104-843 // NVD: CVE-2021-3460

REFERENCES

url:	https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3460	Trust: 1.2
url:	https://cwe.mitre.org/data/definitions/295.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-33240 // VULMON: CVE-2021-3460 // CNNVD: CNNVD-202104-843 // NVD: CVE-2021-3460

SOURCES

db:	CNVD	id:	CNVD-2021-33240
db:	VULMON	id:	CVE-2021-3460
db:	CNNVD	id:	CNNVD-202104-843
db:	NVD	id:	CVE-2021-3460

LAST UPDATE DATE

2024-11-23T22:44:09.945000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-33240	date:	2021-05-08T00:00:00
db:	VULMON	id:	CVE-2021-3460	date:	2021-04-21T00:00:00
db:	CNNVD	id:	CNNVD-202104-843	date:	2021-04-22T00:00:00
db:	NVD	id:	CVE-2021-3460	date:	2024-11-21T06:21:35.617

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-33240	date:	2021-05-08T00:00:00
db:	VULMON	id:	CVE-2021-3460	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-843	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-3460	date:	2021-04-13T21:15:25.037