ID

VAR-202203-1802


CVE

CVE-2021-44905


TITLE

Improper default permissions vulnerability in cef fortessa ftbtld firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-019063

DESCRIPTION

Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD Smart Lock as of 12-13-2022 allow a remote attacker to disable the lock via an unauthenticated edit to the lock name. The cef fortessa ftbtld firmware contains a vulnerability related to improper default permissions. Information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2021-44905 // JVNDB: JVNDB-2021-019063

IOT TAXONOMY

category: ['home & office device'], sub_category: smart lock

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: cef, model: fortessa ftbtld, scope: gte, version: 12-13-2022

Trust: 1.0

vendor: cef, model: fortessa ftbtld, scope: -, version: -

Trust: 0.8

vendor: cef, model: fortessa ftbtld, scope: eq, version: fortessa ftbtld firmware 12-13-2022 that's all

Trust: 0.8

vendor: cef, model: fortessa ftbtld, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-019063 // NVD: CVE-2021-44905

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-44905
value: HIGH

Trust: 1.0

NVD: CVE-2021-44905
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202203-2266
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-44905
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-44905
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-44905
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-019063 // CNNVD: CNNVD-202203-2266 // NVD: CVE-2021-44905

PROBLEMTYPE DATA

problemtype: CWE-276

Trust: 1.0

problemtype: Inappropriate default permissions (CWE-276) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-019063 // NVD: CVE-2021-44905

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-2266

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-2266

EXTERNAL IDS

db: NVD, id: CVE-2021-44905

Trust: 3.3

db: JVNDB, id: JVNDB-2021-019063

Trust: 0.8

db: CNNVD, id: CNNVD-202203-2266

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2021-019063 // CNNVD: CNNVD-202203-2266 // NVD: CVE-2021-44905

REFERENCES

url:https://ashallen.net/fortessa-ftbtld-smart-lock-allows-unauthorized-users-to-change-the-device-name-hilarity-ensues

Trust: 2.4

url:https://online.fliphtml5.com/fbwgm/fome/#p=20

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-44905

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-44905/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2021-019063 // CNNVD: CNNVD-202203-2266 // NVD: CVE-2021-44905

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2021-019063
db: CNNVD, id: CNNVD-202203-2266
db: NVD, id: CVE-2021-44905

LAST UPDATE DATE

2025-01-30T19:29:54.643000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-019063, date: 2023-07-14T08:39:00
db: CNNVD, id: CNNVD-202203-2266, date: 2022-04-06T00:00:00
db: NVD, id: CVE-2021-44905, date: 2024-11-21T06:31:40.800

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-019063, date: 2023-07-14T00:00:00
db: CNNVD, id: CNNVD-202203-2266, date: 2022-03-25T00:00:00
db: NVD, id: CVE-2021-44905, date: 2022-03-25T21:15:08.933