ID

VAR-202111-1567


CVE

CVE-2021-43283


TITLE

Victure WR1200 operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-95233 // CNNVD: CNNVD-202111-2380

DESCRIPTION

An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the ping and traceroute features. An attacker would thus be able to use this vulnerability to open a reverse shell on the device with root privileges. Victure WR1200 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Victure WR1200 is a router. Victure WR1200 1.0.3 and earlier versions have operating system command injection vulnerability

Trust: 2.16

sources: NVD: CVE-2021-43283 // JVNDB: JVNDB-2021-015772 // CNVD: CNVD-2021-95233

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-95233

AFFECTED PRODUCTS

vendor:govicturemodel:wr1200scope:lteversion:1.0.3

Trust: 1.0

vendor:victuremodel:wr1200scope:eqversion: -

Trust: 0.8

vendor:victuremodel:wr1200scope:eqversion:wr1200 firmware 1.0.3 to

Trust: 0.8

vendor:victuremodel:wr1200scope:lteversion:<=1.0.3

Trust: 0.6

sources: CNVD: CNVD-2021-95233 // JVNDB: JVNDB-2021-015772 // NVD: CVE-2021-43283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43283
value: HIGH

Trust: 1.0

NVD: CVE-2021-43283
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-95233
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202111-2380
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-43283
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-95233
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-43283
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-43283
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-95233 // JVNDB: JVNDB-2021-015772 // CNNVD: CNNVD-202111-2380 // NVD: CVE-2021-43283

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-015772 // NVD: CVE-2021-43283

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-2380

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202111-2380

PATCH

title:top pageurl:https://jp.govicture.com/

Trust: 0.8

sources: JVNDB: JVNDB-2021-015772

EXTERNAL IDS

db:NVDid:CVE-2021-43283

Trust: 3.8

db:JVNDBid:JVNDB-2021-015772

Trust: 0.8

db:CNVDid:CNVD-2021-95233

Trust: 0.6

db:CNNVDid:CNNVD-202111-2380

Trust: 0.6

sources: CNVD: CNVD-2021-95233 // JVNDB: JVNDB-2021-015772 // CNNVD: CNNVD-202111-2380 // NVD: CVE-2021-43283

REFERENCES

url:https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/

Trust: 3.0

url:https://www.nccgroup.trust/us/our-research/?research=technical+advisories

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-43283

Trust: 1.4

sources: CNVD: CNVD-2021-95233 // JVNDB: JVNDB-2021-015772 // CNNVD: CNNVD-202111-2380 // NVD: CVE-2021-43283

SOURCES

db:CNVDid:CNVD-2021-95233
db:JVNDBid:JVNDB-2021-015772
db:CNNVDid:CNNVD-202111-2380
db:NVDid:CVE-2021-43283

LAST UPDATE DATE

2024-11-23T22:25:02.725000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-95233date:2021-12-08T00:00:00
db:JVNDBid:JVNDB-2021-015772date:2022-11-30T02:08:00
db:CNNVDid:CNNVD-202111-2380date:2021-12-09T00:00:00
db:NVDid:CVE-2021-43283date:2024-11-21T06:28:59.940

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-95233date:2021-12-08T00:00:00
db:JVNDBid:JVNDB-2021-015772date:2022-11-30T00:00:00
db:CNNVDid:CNNVD-202111-2380date:2021-11-30T00:00:00
db:NVDid:CVE-2021-43283date:2021-11-30T19:15:09.510