ID

VAR-202206-1870


CVE

CVE-2021-41638


TITLE

Authentication vulnerability in MELAG FTP Server

Trust: 0.8

sources: JVNDB: JVNDB-2021-019946

DESCRIPTION

The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files using only a valid username. MELAG FTP Server contains an authentication vulnerability. Information may be obtained.

Trust: 2.25

sources: NVD: CVE-2021-41638 // JVNDB: JVNDB-2021-019946 // CNVD: CNVD-2022-65335 // VULMON: CVE-2021-41638

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-65335

AFFECTED PRODUCTS

vendor: melag, model: ftp server, scope: eq, version: 2.2.0.4

Trust: 2.4

vendor: melag, model: ftp server, scope: -, version: -

Trust: 0.8

vendor: melag, model: ftp server, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2022-65335 // JVNDB: JVNDB-2021-019946 // NVD: CVE-2021-41638

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41638
value: HIGH

Trust: 1.0

NVD: CVE-2021-41638
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-65335
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202206-2467
value: HIGH

Trust: 0.6

VULMON: CVE-2021-41638
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-41638
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-65335
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-41638
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-41638
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-65335 // VULMON: CVE-2021-41638 // JVNDB: JVNDB-2021-019946 // CNNVD: CNNVD-202206-2467 // NVD: CVE-2021-41638

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.0

problemtype: Inappropriate authentication (CWE-287) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-019946 // NVD: CVE-2021-41638

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-2467

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202206-2467

EXTERNAL IDS

db: NVD, id: CVE-2021-41638

Trust: 3.9

db: JVNDB, id: JVNDB-2021-019946

Trust: 0.8

db: CNVD, id: CNVD-2022-65335

Trust: 0.6

db: CNNVD, id: CNNVD-202206-2467

Trust: 0.6

db: VULMON, id: CVE-2021-41638

Trust: 0.1

sources: CNVD: CNVD-2022-65335 // VULMON: CVE-2021-41638 // JVNDB: JVNDB-2021-019946 // CNNVD: CNNVD-202206-2467 // NVD: CVE-2021-41638

REFERENCES

url:https://www.securesystems.de/blog/advisory-and-exploitation-the-melag-ftp-server/

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41638

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-41638/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-65335 // VULMON: CVE-2021-41638 // JVNDB: JVNDB-2021-019946 // CNNVD: CNNVD-202206-2467 // NVD: CVE-2021-41638

SOURCES

db: CNVD, id: CNVD-2022-65335
db: VULMON, id: CVE-2021-41638
db: JVNDB, id: JVNDB-2021-019946
db: CNNVD, id: CNNVD-202206-2467
db: NVD, id: CVE-2021-41638

LAST UPDATE DATE

2024-08-14T15:06:17.346000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-65335, date: 2022-09-23T00:00:00
db: VULMON, id: CVE-2021-41638, date: 2022-07-01T00:00:00
db: JVNDB, id: JVNDB-2021-019946, date: 2023-08-29T08:05:00
db: CNNVD, id: CNNVD-202206-2467, date: 2022-07-04T00:00:00
db: NVD, id: CVE-2021-41638, date: 2022-07-01T16:54:44.490

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-65335, date: 2022-09-23T00:00:00
db: VULMON, id: CVE-2021-41638, date: 2022-06-24T00:00:00
db: JVNDB, id: JVNDB-2021-019946, date: 2023-08-29T00:00:00
db: CNNVD, id: CNNVD-202206-2467, date: 2022-06-24T00:00:00
db: NVD, id: CVE-2021-41638, date: 2022-06-24T12:15:08.203