Sign-up

ID

VAR-202105-0809


CVE

CVE-2021-25847


TITLE

Moxa Camera VPort 06EC-2V has an unspecified vulnerability (CNVD-2021-36216)

Trust: 0.6

sources: CNVD: CNVD-2021-36216

DESCRIPTION

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet. Moxa Camera VPort 06EC-2V is a camera equipment of Taiwan Moxa (MOXA) Company. Moxa Camera VPort 06EC-2V has security vulnerabilities

Trust: 1.53

sources: NVD: CVE-2021-25847 // CNVD: CNVD-2021-36216 // VULMON: CVE-2021-25847

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-36216

AFFECTED PRODUCTS

vendor:moxamodel:vport 06ec-2v42mscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v80m-tscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v36m-ct-tscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v42m-ct-tscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v36m-ctscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v60m-tscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v26mscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v36m-tscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v60m-ctscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v60mscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v80m-ct-tscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v60m-ct-tscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v80m-ctscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v42m-ctscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v42m-tscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:vport 06ec-2v80mscope:lteversion:1.1

Trust: 1.0

vendor:moxamodel:camera vport 06ec-2vscope:lteversion:<=1.1

Trust: 0.6

sources: CNVD: CNVD-2021-36216 // NVD: CVE-2021-25847

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-25847
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2021-36216
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202105-495
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-25847
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-25847
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-36216
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-25847
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-36216 // VULMON: CVE-2021-25847 // CNNVD: CNNVD-202105-495 // NVD: CVE-2021-25847

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

sources: NVD: CVE-2021-25847

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-495

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202105-495

PATCH

title:Patch for Moxa Camera VPort 06EC-2V has an unspecified vulnerability (CNVD-2021-36216)url:https://www.cnvd.org.cn/patchInfo/show/266086

Trust: 0.6

title:Moxa Camera VPort 06EC-2V Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151214

Trust: 0.6

sources: CNVD: CNVD-2021-36216 // CNNVD: CNNVD-202105-495

EXTERNAL IDS

db:NVDid:CVE-2021-25847

Trust: 2.4

db:CNVDid:CNVD-2021-36216

Trust: 0.6

db:CNNVDid:CNNVD-202105-495

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2021-25847

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-36216 // VULMON: CVE-2021-25847 // CNNVD: CNNVD-202105-495 // NVD: CVE-2021-25847

REFERENCES

url:https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities

Trust: 2.3

url:https://www.moxa.com/en/

Trust: 1.7

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-36216 // VULMON: CVE-2021-25847 // CNNVD: CNNVD-202105-495 // NVD: CVE-2021-25847

SOURCES

db:OTHERid: -
db:CNVDid:CNVD-2021-36216
db:VULMONid:CVE-2021-25847
db:CNNVDid:CNNVD-202105-495
db:NVDid:CVE-2021-25847

LAST UPDATE DATE

2025-01-30T20:23:42.225000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-36216date:2021-05-21T00:00:00
db:VULMONid:CVE-2021-25847date:2021-05-18T00:00:00
db:CNNVDid:CNNVD-202105-495date:2021-05-20T00:00:00
db:NVDid:CVE-2021-25847date:2021-05-18T20:02:33.230

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-36216date:2021-05-21T00:00:00
db:VULMONid:CVE-2021-25847date:2021-05-10T00:00:00
db:CNNVDid:CNNVD-202105-495date:2021-05-10T00:00:00
db:NVDid:CVE-2021-25847date:2021-05-10T11:15:07.903