ID

VAR-202206-1859


CVE

CVE-2021-41637


TITLE

Improper default permissions vulnerability in MELAG FTP Server

Trust: 0.8

sources: JVNDB: JVNDB-2021-019947

DESCRIPTION

Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes, among other information, the unencrypted passwords of all FTP users. MELAG FTP Server contains an improper default permissions vulnerability. Information may be obtained and information may be tampered with. MELAG FTP Server is an FTP server from MELAG, Germany. The vulnerability stems from improper permission management of files.

Trust: 2.25

sources: NVD: CVE-2021-41637 // JVNDB: JVNDB-2021-019947 // CNVD: CNVD-2022-65336 // VULMON: CVE-2021-41637

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-65336

AFFECTED PRODUCTS

vendor: melag, model: ftp server, scope: eq, version: 2.2.0.4

Trust: 2.4

vendor: melag, model: ftp server, scope: -, version: -

Trust: 0.8

vendor: melag, model: ftp server, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2022-65336 // JVNDB: JVNDB-2021-019947 // NVD: CVE-2021-41637

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41637
value: HIGH

Trust: 1.0

NVD: CVE-2021-41637
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-65336
value: LOW

Trust: 0.6

CNNVD: CNNVD-202206-2466
value: HIGH

Trust: 0.6

VULMON: CVE-2021-41637
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-41637
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-65336
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-41637
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-41637
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-65336 // VULMON: CVE-2021-41637 // JVNDB: JVNDB-2021-019947 // CNNVD: CNNVD-202206-2466 // NVD: CVE-2021-41637

PROBLEMTYPE DATA

problemtype: CWE-276

Trust: 1.0

problemtype: Inappropriate default permissions (CWE-276) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-019947 // NVD: CVE-2021-41637

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202206-2466

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-2466

EXTERNAL IDS

db: NVD, id: CVE-2021-41637

Trust: 3.9

db: JVNDB, id: JVNDB-2021-019947

Trust: 0.8

db: CNVD, id: CNVD-2022-65336

Trust: 0.6

db: CNNVD, id: CNNVD-202206-2466

Trust: 0.6

db: VULMON, id: CVE-2021-41637

Trust: 0.1

sources: CNVD: CNVD-2022-65336 // VULMON: CVE-2021-41637 // JVNDB: JVNDB-2021-019947 // CNNVD: CNNVD-202206-2466 // NVD: CVE-2021-41637

REFERENCES

url:https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41637

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-41637/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/276.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-65336 // VULMON: CVE-2021-41637 // JVNDB: JVNDB-2021-019947 // CNNVD: CNNVD-202206-2466 // NVD: CVE-2021-41637

SOURCES

db: CNVD, id: CNVD-2022-65336
db: VULMON, id: CVE-2021-41637
db: JVNDB, id: JVNDB-2021-019947
db: CNNVD, id: CNNVD-202206-2466
db: NVD, id: CVE-2021-41637

LAST UPDATE DATE

2024-08-14T14:17:52.057000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-65336, date: 2022-09-23T00:00:00
db: VULMON, id: CVE-2021-41637, date: 2022-07-01T00:00:00
db: JVNDB, id: JVNDB-2021-019947, date: 2023-08-29T08:05:00
db: CNNVD, id: CNNVD-202206-2466, date: 2022-07-04T00:00:00
db: NVD, id: CVE-2021-41637, date: 2022-07-01T16:48:40.010

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-65336, date: 2022-09-23T00:00:00
db: VULMON, id: CVE-2021-41637, date: 2022-06-24T00:00:00
db: JVNDB, id: JVNDB-2021-019947, date: 2023-08-29T00:00:00
db: CNNVD, id: CNNVD-202206-2466, date: 2022-06-24T00:00:00
db: NVD, id: CVE-2021-41637, date: 2022-06-24T12:15:08.157