Details of VAR-202111-1566

ID

VAR-202111-1566

CVE

CVE-2021-43284

TITLE

Victure WR1200 Device Vulnerability Using Hardcoded Credentials

Trust: 0.8

sources: JVNDB: JVNDB-2021-015773

DESCRIPTION

An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface). Victure WR1200 The device contains a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Victure WR1200 is a router. Victure WR1200 1.0.3 and earlier versions have a trust management vulnerability

Trust: 2.16

sources: NVD: CVE-2021-43284 // JVNDB: JVNDB-2021-015773 // CNVD: CNVD-2021-95232

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-95232

AFFECTED PRODUCTS

vendor:	govicture	model:	wr1200	scope:	lte	version:	1.0.3	Trust: 1.0
vendor:	victure	model:	wr1200	scope:	eq	version:	-	Trust: 0.8
vendor:	victure	model:	wr1200	scope:	eq	version:	wr1200 firmware 1.0.3 to	Trust: 0.8
vendor:	victure	model:	wr1200	scope:	lte	version:	<=1.0.3	Trust: 0.6

sources: CNVD: CNVD-2021-95232 // JVNDB: JVNDB-2021-015773 // NVD: CVE-2021-43284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-43284
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-43284
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-95232
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202111-2377
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-43284
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-95232
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-43284
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-43284
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-95232 // JVNDB: JVNDB-2021-015773 // CNNVD: CNNVD-202111-2377 // NVD: CVE-2021-43284

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	Use hard-coded credentials (CWE-798) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-015773 // NVD: CVE-2021-43284

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-2377

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202111-2377

PATCH

title:

top page

url:

https://jp.govicture.com/

Trust: 0.8

sources: JVNDB: JVNDB-2021-015773

EXTERNAL IDS

db:	NVD	id:	CVE-2021-43284	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-015773	Trust: 0.8
db:	CNVD	id:	CNVD-2021-95232	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-2377	Trust: 0.6

sources: CNVD: CNVD-2021-95232 // JVNDB: JVNDB-2021-015773 // CNNVD: CNNVD-202111-2377 // NVD: CVE-2021-43284

REFERENCES

url:	https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/	Trust: 2.4
url:	https://www.nccgroup.trust/us/our-research/?research=technical+advisories	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43284	Trust: 1.4

sources: CNVD: CNVD-2021-95232 // JVNDB: JVNDB-2021-015773 // CNNVD: CNNVD-202111-2377 // NVD: CVE-2021-43284

SOURCES

db:	CNVD	id:	CNVD-2021-95232
db:	JVNDB	id:	JVNDB-2021-015773
db:	CNNVD	id:	CNNVD-202111-2377
db:	NVD	id:	CVE-2021-43284

LAST UPDATE DATE

2024-08-14T14:50:03.819000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-95232	date:	2021-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-015773	date:	2022-11-30T02:08:00
db:	CNNVD	id:	CNNVD-202111-2377	date:	2021-12-09T00:00:00
db:	NVD	id:	CVE-2021-43284	date:	2021-12-03T15:53:25.103

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-95232	date:	2021-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-015773	date:	2022-11-30T00:00:00
db:	CNNVD	id:	CNNVD-202111-2377	date:	2021-11-30T00:00:00
db:	NVD	id:	CVE-2021-43284	date:	2021-11-30T19:15:09.690