Details of VAR-202206-1828

ID

VAR-202206-1828

CVE

CVE-2021-41634

TITLE

melag of ftp server Vulnerability regarding observable inconsistencies in

Trust: 0.8

sources: JVNDB: JVNDB-2021-019950

DESCRIPTION

A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames. melag of ftp server Exists in observable mismatch vulnerabilities.Information may be obtained. MELAG FTP Server is an FTP server of MELAG, Germany. The vulnerability arises from the fact that the program presents different responses to users and non-users

Trust: 2.25

sources: NVD: CVE-2021-41634 // JVNDB: JVNDB-2021-019950 // CNVD: CNVD-2022-65337 // VULMON: CVE-2021-41634

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-65337

AFFECTED PRODUCTS

vendor:	melag	model:	ftp server	scope:	eq	version:	2.2.0.4	Trust: 2.4
vendor:	melag	model:	ftp server	scope:	-	version:	-	Trust: 0.8
vendor:	melag	model:	ftp server	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2022-65337 // JVNDB: JVNDB-2021-019950 // NVD: CVE-2021-41634

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-41634
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-41634
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-65337
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202206-2470
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-41634
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-41634
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-65337
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-41634
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-41634
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-65337 // VULMON: CVE-2021-41634 // JVNDB: JVNDB-2021-019950 // CNNVD: CNNVD-202206-2470 // NVD: CVE-2021-41634

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.0
problemtype:	Observable discrepancy (CWE-203) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-019950 // NVD: CVE-2021-41634

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2470

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-2470

PATCH

title:	Patch for MELAG FTP Server User Enumeration Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/352896	Trust: 0.6
title:	MELAG FTP Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198628	Trust: 0.6

sources: CNVD: CNVD-2022-65337 // CNNVD: CNNVD-202206-2470

EXTERNAL IDS

db:	NVD	id:	CVE-2021-41634	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-019950	Trust: 0.8
db:	CNVD	id:	CNVD-2022-65337	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-2470	Trust: 0.6
db:	VULMON	id:	CVE-2021-41634	Trust: 0.1

sources: CNVD: CNVD-2022-65337 // VULMON: CVE-2021-41634 // JVNDB: JVNDB-2021-019950 // CNNVD: CNNVD-202206-2470 // NVD: CVE-2021-41634

REFERENCES

url:	https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41634	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-41634/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/203.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-65337 // VULMON: CVE-2021-41634 // JVNDB: JVNDB-2021-019950 // CNNVD: CNNVD-202206-2470 // NVD: CVE-2021-41634

SOURCES

db:	CNVD	id:	CNVD-2022-65337
db:	VULMON	id:	CVE-2021-41634
db:	JVNDB	id:	JVNDB-2021-019950
db:	CNNVD	id:	CNNVD-202206-2470
db:	NVD	id:	CVE-2021-41634

LAST UPDATE DATE

2024-08-14T15:06:17.398000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-65337	date:	2022-09-23T00:00:00
db:	VULMON	id:	CVE-2021-41634	date:	2022-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-019950	date:	2023-08-29T08:05:00
db:	CNNVD	id:	CNNVD-202206-2470	date:	2022-07-04T00:00:00
db:	NVD	id:	CVE-2021-41634	date:	2022-07-01T16:37:42.750

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-65337	date:	2022-09-23T00:00:00
db:	VULMON	id:	CVE-2021-41634	date:	2022-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-019950	date:	2023-08-29T00:00:00
db:	CNNVD	id:	CNNVD-202206-2470	date:	2022-06-24T00:00:00
db:	NVD	id:	CVE-2021-41634	date:	2022-06-24T12:15:07.990