Details of VAR-202206-0320

ID

VAR-202206-0320

CVE

CVE-2021-42886

TITLE

TOTOLINK EX1200T Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-53571 // CNNVD: CNNVD-202206-455

DESCRIPTION

TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. TOTOLINK of ex1200t Firmware has an information disclosure vulnerability.Information may be obtained. TOTOLINK EX1200T is a Wi-Fi range extender from China TOTOLINK

Trust: 2.25

sources: NVD: CVE-2021-42886 // JVNDB: JVNDB-2021-019784 // CNVD: CNVD-2022-53571 // VULMON: CVE-2021-42886

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-53571

AFFECTED PRODUCTS

vendor:	totolink	model:	ex1200t	scope:	eq	version:	4.1.2cu.5215	Trust: 1.0
vendor:	totolink	model:	ex1200t	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	ex1200t	scope:	eq	version:	ex1200t firmware 4.1.2cu.5215	Trust: 0.8
vendor:	totolink	model:	ex1200t	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	ex1200t v4.1.2cu.5215	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-53571 // JVNDB: JVNDB-2021-019784 // NVD: CVE-2021-42886

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42886
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-42886
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-53571
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202206-455
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-42886
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-42886
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-53571
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-42886
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-42886
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-53571 // VULMON: CVE-2021-42886 // JVNDB: JVNDB-2021-019784 // CNNVD: CNNVD-202206-455 // NVD: CVE-2021-42886

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-019784 // NVD: CVE-2021-42886

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-455

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202206-455

EXTERNAL IDS

db:	NVD	id:	CVE-2021-42886	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-019784	Trust: 0.8
db:	CNVD	id:	CNVD-2022-53571	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-455	Trust: 0.6
db:	VULMON	id:	CVE-2021-42886	Trust: 0.1

sources: CNVD: CNVD-2022-53571 // VULMON: CVE-2021-42886 // JVNDB: JVNDB-2021-019784 // CNNVD: CNNVD-202206-455 // NVD: CVE-2021-42886

REFERENCES

url:	https://github.com/p1kk/vuln/blob/main/totolink_ex1200t_exportsettings_leak.md	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42886	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-42886/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-53571 // VULMON: CVE-2021-42886 // JVNDB: JVNDB-2021-019784 // CNNVD: CNNVD-202206-455 // NVD: CVE-2021-42886

SOURCES

db:	CNVD	id:	CNVD-2022-53571
db:	VULMON	id:	CVE-2021-42886
db:	JVNDB	id:	JVNDB-2021-019784
db:	CNNVD	id:	CNNVD-202206-455
db:	NVD	id:	CVE-2021-42886

LAST UPDATE DATE

2024-11-23T22:15:45.964000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-53571	date:	2022-07-26T00:00:00
db:	VULMON	id:	CVE-2021-42886	date:	2022-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-019784	date:	2023-08-17T08:36:00
db:	CNNVD	id:	CNNVD-202206-455	date:	2022-06-14T00:00:00
db:	NVD	id:	CVE-2021-42886	date:	2024-11-21T06:28:16.390

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-53571	date:	2022-07-26T00:00:00
db:	VULMON	id:	CVE-2021-42886	date:	2022-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-019784	date:	2023-08-17T00:00:00
db:	CNNVD	id:	CNNVD-202206-455	date:	2022-06-03T00:00:00
db:	NVD	id:	CVE-2021-42886	date:	2022-06-03T12:15:07.890