ID

VAR-202111-1567


CVE

CVE-2021-43283


TITLE

Victure WR1200 operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-95233 // CNNVD: CNNVD-202111-2380

DESCRIPTION

An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the ping and traceroute features. An attacker would thus be able to use this vulnerability to open a reverse shell on the device with root privileges. An OS command injection vulnerability exists on Victure WR1200 devices. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Victure WR1200 is a router. Victure WR1200 1.0.3 and earlier versions have an operating system command injection vulnerability.

Trust: 2.16

sources: NVD: CVE-2021-43283 // JVNDB: JVNDB-2021-015772 // CNVD: CNVD-2021-95233

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-95233

AFFECTED PRODUCTS

vendor: govicture, model: wr1200, scope: lte, version: 1.0.3

Trust: 1.0

vendor: victure, model: wr1200, scope: eq, version: -

Trust: 0.8

vendor: victure, model: wr1200, scope: eq, version: wr1200 firmware 1.0.3 to

Trust: 0.8

vendor: victure, model: wr1200, scope: lte, version: <=1.0.3

Trust: 0.6

sources: CNVD: CNVD-2021-95233 // JVNDB: JVNDB-2021-015772 // NVD: CVE-2021-43283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43283
value: HIGH

Trust: 1.0

NVD: CVE-2021-43283
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-95233
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202111-2380
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-43283
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-95233
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-43283
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-43283
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-95233 // JVNDB: JVNDB-2021-015772 // CNNVD: CNNVD-202111-2380 // NVD: CVE-2021-43283

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-015772 // NVD: CVE-2021-43283

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-2380

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202111-2380

PATCH

title: top page, url: https://jp.govicture.com/

Trust: 0.8

sources: JVNDB: JVNDB-2021-015772

EXTERNAL IDS

db: NVD, id: CVE-2021-43283

Trust: 3.8

db: JVNDB, id: JVNDB-2021-015772

Trust: 0.8

db: CNVD, id: CNVD-2021-95233

Trust: 0.6

db: CNNVD, id: CNNVD-202111-2380

Trust: 0.6

sources: CNVD: CNVD-2021-95233 // JVNDB: JVNDB-2021-015772 // CNNVD: CNNVD-202111-2380 // NVD: CVE-2021-43283

REFERENCES

url: https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/

Trust: 3.0

url: https://www.nccgroup.trust/us/our-research/?research=technical+advisories

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-43283

Trust: 1.4

sources: CNVD: CNVD-2021-95233 // JVNDB: JVNDB-2021-015772 // CNNVD: CNNVD-202111-2380 // NVD: CVE-2021-43283

SOURCES

db: CNVD, id: CNVD-2021-95233
db: JVNDB, id: JVNDB-2021-015772
db: CNNVD, id: CNNVD-202111-2380
db: NVD, id: CVE-2021-43283

LAST UPDATE DATE

2024-08-14T14:11:10.753000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-95233, date: 2021-12-08T00:00:00
db: JVNDB, id: JVNDB-2021-015772, date: 2022-11-30T02:08:00
db: CNNVD, id: CNNVD-202111-2380, date: 2021-12-09T00:00:00
db: NVD, id: CVE-2021-43283, date: 2021-12-03T15:56:01.507

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-95233, date: 2021-12-08T00:00:00
db: JVNDB, id: JVNDB-2021-015772, date: 2022-11-30T00:00:00
db: CNNVD, id: CNNVD-202111-2380, date: 2021-11-30T00:00:00
db: NVD, id: CVE-2021-43283, date: 2021-11-30T19:15:09.510