CVE-2021-20843

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:yamaha:rtx830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:rtx830:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:yamaha:nvr510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:nvr510:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:yamaha:nvr700w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:nvr700w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:yamaha:rtx1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yamaha:rtx1210:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ntt-west:biz_box_rtx830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_rtx830:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ntt-west:biz_box_nvr510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_nvr510:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ntt-west:biz_box_nvr700w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_nvr700w:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ntt-west:biz_box_rtx1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ntt-west:biz_box_rtx1210:-:*:*:*:*:*:*:*

Information

Published : 2021-11-24 08:15

Updated : 2021-11-29 23:11


NVD link : CVE-2021-20843

Mitre link : CVE-2021-20843


JSON object : View

CWE
CWE-829

Inclusion of Functionality from Untrusted Control Sphere

Advertisement

dedicated server usa

Products Affected

ntt-west

  • biz_box_nvr510_firmware
  • biz_box_rtx1210_firmware
  • biz_box_rtx830
  • biz_box_rtx830_firmware
  • biz_box_nvr510
  • biz_box_nvr700w
  • biz_box_rtx1210
  • biz_box_nvr700w_firmware

yamaha

  • nvr700w_firmware
  • rtx830
  • rtx1210
  • nvr510_firmware
  • rtx830_firmware
  • rtx1210_firmware
  • nvr700w
  • nvr510