ID

VAR-202201-1106


CVE

CVE-2021-44971


TITLE

AC15V1.0 and AC5V1.0 Improper Comparison Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-004279

DESCRIPTION

Multiple Tenda devices are affected by an authentication bypass, such as AC15V1.0 firmware V15.03.05.20_multi, AC5V1.0 firmware V15.03.06.48_multi, and so on. An attacker can obtain sensitive information, and even combine it with authenticated command injection to achieve RCE. An improper comparison vulnerability exists in AC15V1.0 and AC5V1.0 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Tenda AC15 is a wireless router from the Chinese company Tenda.

Trust: 2.16

sources: NVD: CVE-2021-44971 // JVNDB: JVNDB-2022-004279 // CNVD: CNVD-2022-22299

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-22299

AFFECTED PRODUCTS

vendor: tenda, model: ac15, scope: eq, version: 15.03.05.20_multi

Trust: 1.0

vendor: tenda, model: ac5, scope: eq, version: 15.03.06.48_multi

Trust: 1.0

vendor: tenda, model: ac5, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac15, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac15v1.0 15.03.05.20 multi, scope: -, version: -

Trust: 0.6

vendor: tenda, model: ac15v1.0 15.03.06.48 multi, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-22299 // JVNDB: JVNDB-2022-004279 // NVD: CVE-2021-44971

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-44971
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-44971
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-22299
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202201-2607
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-44971
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-22299
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-44971
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-44971
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-22299 // JVNDB: JVNDB-2022-004279 // CNNVD: CNNVD-202201-2607 // NVD: CVE-2021-44971

PROBLEMTYPE DATA

problemtype: CWE-697

Trust: 1.0

problemtype: Inappropriate comparison (CWE-697) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-004279 // NVD: CVE-2021-44971

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-2607

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202201-2607

PATCH

title: Top Page, url: https://tenda.com/

Trust: 0.8

sources: JVNDB: JVNDB-2022-004279

EXTERNAL IDS

db: NVD, id: CVE-2021-44971

Trust: 3.8

db: JVNDB, id: JVNDB-2022-004279

Trust: 0.8

db: CNVD, id: CNVD-2022-22299

Trust: 0.6

db: CNNVD, id: CNNVD-202201-2607

Trust: 0.6

sources: CNVD: CNVD-2022-22299 // JVNDB: JVNDB-2022-004279 // CNNVD: CNNVD-202201-2607 // NVD: CVE-2021-44971

REFERENCES

url:https://github.com/21gun5/my_cve/blob/main/tenda/bypass_auth.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-44971

Trust: 2.0

url:http://ac15v10.com

Trust: 1.6

url:http://tenda.com

Trust: 1.6

sources: CNVD: CNVD-2022-22299 // JVNDB: JVNDB-2022-004279 // CNNVD: CNNVD-202201-2607 // NVD: CVE-2021-44971

SOURCES

db: CNVD, id: CNVD-2022-22299
db: JVNDB, id: JVNDB-2022-004279
db: CNNVD, id: CNNVD-202201-2607
db: NVD, id: CVE-2021-44971

LAST UPDATE DATE

2024-11-23T22:20:40.388000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-22299, date: 2022-03-24T00:00:00
db: JVNDB, id: JVNDB-2022-004279, date: 2023-04-04T05:01:00
db: CNNVD, id: CNNVD-202201-2607, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2021-44971, date: 2024-11-21T06:31:45.903

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-22299, date: 2022-03-24T00:00:00
db: JVNDB, id: JVNDB-2022-004279, date: 2023-04-04T00:00:00
db: CNNVD, id: CNNVD-202201-2607, date: 2022-01-28T00:00:00
db: NVD, id: CVE-2021-44971, date: 2022-01-28T19:15:07.963