Details of VAR-202107-0560

ID

VAR-202107-0560

CVE

CVE-2021-21801

TITLE

Advantech R-SeeNet Cross-site scripting vulnerabilities in web applications

Trust: 0.8

sources: JVNDB: JVNDB-2021-009583

DESCRIPTION

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech R-SeeNet is an industrial monitoring software developed by China Taiwan Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms

Trust: 2.34

sources: NVD: CVE-2021-21801 // JVNDB: JVNDB-2021-009583 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380205 // VULMON: CVE-2021-21801

AFFECTED PRODUCTS

vendor:	advantech	model:	r-seenet	scope:	eq	version:	2.4.12	Trust: 1.0
vendor:	アドバンテック株式会社	model:	r-seenet	scope:	eq	version:	-	Trust: 0.8
vendor:	アドバンテック株式会社	model:	r-seenet	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-009583 // NVD: CVE-2021-21801

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21801
value:	MEDIUM
Trust: 1.0
talos-cna@cisco.com:	CVE-2021-21801
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-21801
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-1107
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380205
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21801
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21801
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380205
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21801
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
talos-cna@cisco.com:	CVE-2021-21801
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2021-21801
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380205 // VULMON: CVE-2021-21801 // JVNDB: JVNDB-2021-009583 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1107 // NVD: CVE-2021-21801 // NVD: CVE-2021-21801

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380205 // JVNDB: JVNDB-2021-009583 // NVD: CVE-2021-21801

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1107

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Top Page	url:	https://www.advantech.com/	Trust: 0.8
title:	Kenzer Templates [5170] [DEPRECATED]	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1

sources: VULMON: CVE-2021-21801 // JVNDB: JVNDB-2021-009583

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21801	Trust: 3.4
db:	TALOS	id:	TALOS-2021-1272	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-009583	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-1107	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021071609	Trust: 0.6
db:	VULHUB	id:	VHN-380205	Trust: 0.1
db:	VULMON	id:	CVE-2021-21801	Trust: 0.1

sources: VULHUB: VHN-380205 // VULMON: CVE-2021-21801 // JVNDB: JVNDB-2021-009583 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1107 // NVD: CVE-2021-21801

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2021-1272	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21801	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071609	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/arpsyndicate/kenzer-templates	Trust: 0.1

sources: VULHUB: VHN-380205 // VULMON: CVE-2021-21801 // JVNDB: JVNDB-2021-009583 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1107 // NVD: CVE-2021-21801

CREDITS

Member of Cisco Talos team

Trust: 0.6

sources: CNNVD: CNNVD-202107-1107

SOURCES

db:	VULHUB	id:	VHN-380205
db:	VULMON	id:	CVE-2021-21801
db:	JVNDB	id:	JVNDB-2021-009583
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-1107
db:	NVD	id:	CVE-2021-21801

LAST UPDATE DATE

2024-08-14T12:44:53.347000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380205	date:	2022-09-30T00:00:00
db:	VULMON	id:	CVE-2021-21801	date:	2022-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-009583	date:	2022-05-11T04:55:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-1107	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-21801	date:	2022-09-30T03:08:38.663

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380205	date:	2021-07-16T00:00:00
db:	VULMON	id:	CVE-2021-21801	date:	2021-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-009583	date:	2022-05-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-1107	date:	2021-07-15T00:00:00
db:	NVD	id:	CVE-2021-21801	date:	2021-07-16T11:15:09.753