ID

VAR-202112-0170


CVE

CVE-2021-20847


TITLE

Cross-site Scripting Vulnerability in Wi-Fi STATION SH-52A Made by NTT docomo Co., Ltd.

Trust: 0.8

sources: JVNDB: JVNDB-2021-000107

DESCRIPTION

Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device. This vulnerability information was reported to IPA by the following person under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Takayuki Sasaki of Yokohama National University. An arbitrary script may be executed on the web browser of a user accessing the WebUI of the product.

Trust: 1.62

sources: NVD: CVE-2021-20847 // JVNDB: JVNDB-2021-000107

IOT TAXONOMY

category: ['network device']
sub_category: Wi-Fi station

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: nttdocomo, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_26f

Trust: 1.0

vendor: nttdocomo, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_11k

Trust: 1.0

vendor: nttdocomo, model: wi-fi station sh-52a, scope: eq, version: 38jp_2_03b

Trust: 1.0

vendor: nttdocomo, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_26g

Trust: 1.0

vendor: nttdocomo, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_11l

Trust: 1.0

vendor: nttdocomo, model: wi-fi station sh-52a, scope: eq, version: 38jp_2_03c

Trust: 1.0

vendor: nttdocomo, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_11g

Trust: 1.0

vendor: nttdocomo, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_26j

Trust: 1.0

vendor: nttdocomo, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_11j

Trust: 1.0

vendor: 株式会社nttドコモ, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_26j

Trust: 0.8

vendor: 株式会社nttドコモ, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_26g

Trust: 0.8

vendor: 株式会社nttドコモ, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_11j

Trust: 0.8

vendor: 株式会社nttドコモ, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_11k

Trust: 0.8

vendor: 株式会社nttドコモ, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_11l

Trust: 0.8

vendor: 株式会社nttドコモ, model: wi-fi station sh-52a, scope: eq, version: -

Trust: 0.8

vendor: 株式会社nttドコモ, model: wi-fi station sh-52a, scope: eq, version: 38jp_2_03b

Trust: 0.8

vendor: 株式会社nttドコモ, model: wi-fi station sh-52a, scope: eq, version: 38jp_2_03c

Trust: 0.8

vendor: 株式会社nttドコモ, model: wi-fi station sh-52a, scope: eq, version: 38jp_1_26f

Trust: 0.8

sources: JVNDB: JVNDB-2021-000107 // NVD: CVE-2021-20847

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20847
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2021-000107
value: LOW

Trust: 0.8

CNNVD: CNNVD-202111-2343
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-20847
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2021-000107
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2021-20847
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-000107
baseSeverity: LOW
baseScore: 2.9
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-000107 // CNNVD: CNNVD-202111-2343 // NVD: CVE-2021-20847

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [IPA Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-000107 // NVD: CVE-2021-20847

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-2343

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202111-2343

PATCH

title: Wi-Fi STATION SH-52A Software update information
url: https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html

Trust: 0.8

title: elecom lan Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172523

Trust: 0.6

sources: JVNDB: JVNDB-2021-000107 // CNNVD: CNNVD-202111-2343

EXTERNAL IDS

db: NVD, id: CVE-2021-20847

Trust: 2.5

db: JVN, id: JVN19482703

Trust: 2.4

db: JVNDB, id: JVNDB-2021-000107

Trust: 1.4

db: CS-HELP, id: SB2021113001

Trust: 0.6

db: CNNVD, id: CNNVD-202111-2343

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2021-000107 // CNNVD: CNNVD-202111-2343 // NVD: CVE-2021-20847

REFERENCES

url:https://jvn.jp/en/jp/jvn19482703/index.html

Trust: 1.6

url:https://www.nttdocomo.co.jp/support/product_update/sh52a/index.html

Trust: 1.6

url:https://jvn.jp/jp/jvn19482703/index.html

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021113001

Trust: 0.6

url:https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000107.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-20847

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2021-000107 // CNNVD: CNNVD-202111-2343 // NVD: CVE-2021-20847

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2021-000107
db: CNNVD, id: CNNVD-202111-2343
db: NVD, id: CVE-2021-20847

LAST UPDATE DATE

2025-01-30T22:23:57.484000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-000107, date: 2021-11-30T03:07:00
db: CNNVD, id: CNNVD-202111-2343, date: 2021-12-08T00:00:00
db: NVD, id: CVE-2021-20847, date: 2021-12-02T18:37:17.470

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-000107, date: 2021-11-30T00:00:00
db: CNNVD, id: CNNVD-202111-2343, date: 2021-11-30T00:00:00
db: NVD, id: CVE-2021-20847, date: 2021-12-01T03:15:06.590