Details of VAR-202106-2202

ID

VAR-202106-2202

TITLE

Shenzhen Infinova Technology Co., Ltd. INFINOVA NVR has command execution

Trust: 0.6

sources: CNVD: CNVD-2021-35757

DESCRIPTION

Infinova is the world's leading manufacturer of electronic security products and industry solutions provider. Shenzhen Infinova Technology Co., Ltd. INFINOVA NVR has command execution. Attackers can use this vulnerability to gain control of the server.

Trust: 0.6

sources: CNVD: CNVD-2021-35757

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-35757

AFFECTED PRODUCTS

vendor:

infinova

model:

nvr nvr2389-8-h

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-35757

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-35757
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-35757
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-35757

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-35757

Trust: 0.6

sources: CNVD: CNVD-2021-35757

SOURCES

db:

CNVD

id:

CNVD-2021-35757

LAST UPDATE DATE

2022-05-04T09:21:18.822000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-35757

date:

2021-05-20T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-35757

date:

2021-06-14T00:00:00