ID

VAR-202107-0561


CVE

CVE-2021-21802


TITLE

Advantech R-SeeNet Cross-site scripting vulnerabilities in web applications

Trust: 0.8

sources: JVNDB: JVNDB-2021-009584

DESCRIPTION

This vulnerability is present in the device_graph_page.php script, which is part of the Advantech R-SeeNet web applications. A URL specially crafted by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. Advantech R-SeeNet is an industrial monitoring software developed by China Taiwan Advantech Company. The software monitors the platform based on the SNMP protocol, and is suitable for Linux and Windows platforms.

Trust: 2.34

sources: NVD: CVE-2021-21802 // JVNDB: JVNDB-2021-009584 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380206 // VULMON: CVE-2021-21802

AFFECTED PRODUCTS

vendor: advantech, model: r-seenet, scope: eq, version: 2.4.12

Trust: 1.0

vendor: アドバンテック株式会社, model: r-seenet, scope: eq, version: -

Trust: 0.8

vendor: アドバンテック株式会社, model: r-seenet, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009584 // NVD: CVE-2021-21802

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21802
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2021-21802
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-21802
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202107-1102
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380206
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21802
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21802
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-380206
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21802
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2021-21802
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2021-21802
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380206 // VULMON: CVE-2021-21802 // JVNDB: JVNDB-2021-009584 // CNNVD: CNNVD-202107-1102 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-21802 // NVD: CVE-2021-21802

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-380206 // JVNDB: JVNDB-2021-009584 // NVD: CVE-2021-21802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1102

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202107-1102

PATCH

title: Top Page, url: https://www.advantech.com/

Trust: 0.8

title: Advantech R-SeeNet Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157182

Trust: 0.6

title: Kenzer Templates [5170] [DEPRECATED], url: https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2021-21802 // JVNDB: JVNDB-2021-009584 // CNNVD: CNNVD-202107-1102

EXTERNAL IDS

db: NVD, id: CVE-2021-21802

Trust: 3.4

db: TALOS, id: TALOS-2021-1272

Trust: 2.6

db: JVNDB, id: JVNDB-2021-009584

Trust: 0.8

db: CNNVD, id: CNNVD-202107-1102

Trust: 0.7

db: CS-HELP, id: SB2021071609

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-380206

Trust: 0.1

db: VULMON, id: CVE-2021-21802

Trust: 0.1

sources: VULHUB: VHN-380206 // VULMON: CVE-2021-21802 // JVNDB: JVNDB-2021-009584 // CNNVD: CNNVD-202107-1102 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-21802

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2021-1272

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-21802

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021071609

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

sources: VULHUB: VHN-380206 // VULMON: CVE-2021-21802 // JVNDB: JVNDB-2021-009584 // CNNVD: CNNVD-202107-1102 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-21802

CREDITS

Member of Cisco Talos team

Trust: 0.6

sources: CNNVD: CNNVD-202107-1102

SOURCES

db: VULHUB, id: VHN-380206
db: VULMON, id: CVE-2021-21802
db: JVNDB, id: JVNDB-2021-009584
db: CNNVD, id: CNNVD-202107-1102
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-21802

LAST UPDATE DATE

2024-08-14T12:13:08.142000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-380206, date: 2022-09-30T00:00:00
db: VULMON, id: CVE-2021-21802, date: 2022-09-30T00:00:00
db: JVNDB, id: JVNDB-2021-009584, date: 2022-05-11T04:55:00
db: CNNVD, id: CNNVD-202107-1102, date: 2021-07-21T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-21802, date: 2022-09-30T03:08:56.067

SOURCES RELEASE DATE

db: VULHUB, id: VHN-380206, date: 2021-07-16T00:00:00
db: VULMON, id: CVE-2021-21802, date: 2021-07-16T00:00:00
db: JVNDB, id: JVNDB-2021-009584, date: 2022-05-11T00:00:00
db: CNNVD, id: CNNVD-202107-1102, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-21802, date: 2021-07-16T11:15:09.790