Sign-up

ID

VAR-202110-1391


CVE

CVE-2021-41873


TITLE

Penguin Aurora TV Box  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014268

DESCRIPTION

Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV

Trust: 1.71

sources: NVD: CVE-2021-41873 // JVNDB: JVNDB-2021-014268 // VULMON: CVE-2021-41873

AFFECTED PRODUCTS

vendor:skyworthmodel:penguin aurora boxscope:eqversion: -

Trust: 1.0

vendor:skyworth digital holdingsmodel:penguin aurora boxscope:eqversion: -

Trust: 0.8

vendor:skyworth digital holdingsmodel:penguin aurora boxscope:eqversion:penguin aurora box firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-014268 // NVD: CVE-2021-41873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-41873
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-41873
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202110-1827
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-41873
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-41873
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-41873
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.8
version: 3.1

Trust: 1.0

NVD: CVE-2021-41873
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-41873 // JVNDB: JVNDB-2021-014268 // CNNVD: CNNVD-202110-1827 // NVD: CVE-2021-41873

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-014268 // NVD: CVE-2021-41873

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1827

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-1827

PATCH

title:Top Pageurl:https://en.skyworthdigital.com/

Trust: 0.8

sources: JVNDB: JVNDB-2021-014268

EXTERNAL IDS

db:NVDid:CVE-2021-41873

Trust: 3.3

db:JVNDBid:JVNDB-2021-014268

Trust: 0.8

db:CNNVDid:CNNVD-202110-1827

Trust: 0.6

db:VULMONid:CVE-2021-41873

Trust: 0.1

sources: VULMON: CVE-2021-41873 // JVNDB: JVNDB-2021-014268 // CNNVD: CNNVD-202110-1827 // NVD: CVE-2021-41873

REFERENCES

url:https://www.cnvd.org.cn/flaw/show/2934166

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-41873

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-41873 // JVNDB: JVNDB-2021-014268 // CNNVD: CNNVD-202110-1827 // NVD: CVE-2021-41873

SOURCES

db:VULMONid:CVE-2021-41873
db:JVNDBid:JVNDB-2021-014268
db:CNNVDid:CNNVD-202110-1827
db:NVDid:CVE-2021-41873

LAST UPDATE DATE

2024-08-14T13:23:14.258000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-41873date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2021-014268date:2022-10-11T09:02:00
db:CNNVDid:CNNVD-202110-1827date:2022-07-14T00:00:00
db:NVDid:CVE-2021-41873date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-41873date:2021-10-26T00:00:00
db:JVNDBid:JVNDB-2021-014268date:2022-10-11T00:00:00
db:CNNVDid:CNNVD-202110-1827date:2021-10-26T00:00:00
db:NVDid:CVE-2021-41873date:2021-10-26T12:15:07.530