Details of VAR-202106-2134

ID

VAR-202106-2134

TITLE

Shenzhen UTP Technology Co., Ltd. UTP-R3050-5GP has a SQL injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-37310

DESCRIPTION

Established in 2005, UTEPO is an industrial communication and intelligent Internet of Things solution provider with "Internet and Electricity Speed Connection" technology as the core. Based on technological innovation, it is a smart park, smart security, smart city, Provide smart IoT solutions in fields such as smart agriculture and smart manufacturing. Shenzhen UTP Technology Co., Ltd. UTP-R3050-5GP has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.

Trust: 0.6

sources: CNVD: CNVD-2021-37310

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-37310

AFFECTED PRODUCTS

vendor:

utp

model:

utp-r3050-5gp

scope:

version:

v4.0

Trust: 0.6

sources: CNVD: CNVD-2021-37310

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-37310
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-37310
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-37310

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-37310

Trust: 0.6

sources: CNVD: CNVD-2021-37310

SOURCES

db:

CNVD

id:

CNVD-2021-37310

LAST UPDATE DATE

2022-05-04T09:15:24.265000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-37310

date:

2021-05-27T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-37310

date:

2021-06-24T00:00:00