exploitDog

CVE-2021-20121

Опубликовано: 11 окт. 2021

Источник: nvd

CVSS3: 4

CVSS2: 1.9

EPSS Низкий

Описание

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's web interface.

Ссылки

https://www.tenable.com/security/research/tra-2021-41
Exploit
Third Party Advisory
https://www.tenable.com/security/research/tra-2021-41
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:telus:prv65b444a-s-ts_firmware:3.00.20:*:*:*:*:*:*:*

cpe:2.3:h:telus:prv65b444a-s-ts:-:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00072

Низкий

4 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3xvx-2gw5-hgv2

github

больше 3 лет назад

The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's web interface.

EPSS

Процентиль: 22%

0.00072

Низкий

4 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

NVD-CWE-noinfo