ID
VAR-202202-1180
CVE
CVE-2021-21968
TITLE
Sealevel Systems, Inc. SeaConnect 370W Input verification vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2022-004773
DESCRIPTION
A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. Sealevel Systems, Inc. SeaConnect 370W There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Used to remotely monitor and control the status of the actual I/O process
Trust: 2.7
sources:
NVD: CVE-2021-21968 //
JVNDB: JVNDB-2022-004773 //
CNVD: CNVD-2022-10699 //
CNNVD: CNNVD-202202-099
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2022-10699
AFFECTED PRODUCTS
| vendor: | sealevel | model: | seaconnect 370w | scope: | eq | version: | 1.3.34 | Trust: 1.0 |
| vendor: | sealevel | model: | seaconnect 370w | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | sealevel | model: | seaconnect 370w | scope: | eq | version: | seaconnect 370w firmware 1.3.34 | Trust: 0.8 |
| vendor: | sealevel | model: | systems seaconnect 370w | scope: | eq | version: | v1.3.34 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-10699 //
JVNDB: JVNDB-2022-004773 //
NVD: CVE-2021-21968
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2022-10699 //
JVNDB: JVNDB-2022-004773 //
CNNVD: CNNVD-202202-099 //
NVD: CVE-2021-21968 //
NVD: CVE-2021-21968
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
| problemtype: | CWE-20 | Trust: 1.0 |
| problemtype: | Inappropriate input confirmation (CWE-20) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-004773 //
NVD: CVE-2021-21968
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202202-099
TYPE
other
Trust: 0.6
sources:
CNNVD: CNNVD-202202-099
PATCH
| title: | Top Page | url: | https://www.sealevel.com/ | Trust: 0.8 |
| title: | Patch for Sealevel Systems SeaConnect 370W File Write Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/319856 | Trust: 0.6 |
| title: | Sealevel Systems SeaConnect 370W Enter the fix for the verification error vulnerability | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=180570 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-10699 //
JVNDB: JVNDB-2022-004773 //
CNNVD: CNNVD-202202-099
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-21968 | Trust: 3.8 |
| db: | TALOS | id: | TALOS-2021-1395 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2022-004773 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2022-10699 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202202-099 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-10699 //
JVNDB: JVNDB-2022-004773 //
CNNVD: CNNVD-202202-099 //
NVD: CVE-2021-21968
REFERENCES
| url: | https://talosintelligence.com/vulnerability_reports/talos-2021-1395 | Trust: 3.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-21968 | Trust: 1.4 |
sources:
CNVD: CNVD-2022-10699 //
JVNDB: JVNDB-2022-004773 //
CNNVD: CNNVD-202202-099 //
NVD: CVE-2021-21968
CREDITS
Discovered by Francesco Benvenuto and Matt Wiseman of Cisco Talos.
Trust: 0.6
sources:
CNNVD: CNNVD-202202-099
SOURCES
| db: | CNVD | id: | CNVD-2022-10699 |
| db: | JVNDB | id: | JVNDB-2022-004773 |
| db: | CNNVD | id: | CNNVD-202202-099 |
| db: | NVD | id: | CVE-2021-21968 |
LAST UPDATE DATE
2024-08-14T14:02:45.766000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-10699 | date: | 2022-02-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-004773 | date: | 2023-05-01T08:23:00 |
| db: | CNNVD | id: | CNNVD-202202-099 | date: | 2023-07-03T00:00:00 |
| db: | NVD | id: | CVE-2021-21968 | date: | 2023-06-30T18:08:30.907 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-10699 | date: | 2022-02-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-004773 | date: | 2023-05-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-202202-099 | date: | 2022-02-01T00:00:00 |
| db: | NVD | id: | CVE-2021-21968 | date: | 2022-02-04T23:15:10.717 |