{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-10T10:42:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.moxa.com/en/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-25848", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.moxa.com/en/", "refsource": "MISC", "url": "https://www.moxa.com/en/"}, {"name": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities", "refsource": "MISC", "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-25848", "datePublished": "2021-05-10T10:42:55", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2021-05-10T10:42:55", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v26m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A045609-DB72-4D4E-96EB-F43A03E6AAE4", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v26m:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AB3C716-2ECC-44B7-9AD9-7F198ABE7B24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v36m-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "15F70B46-0F34-46DE-AE74-C7468E634285", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v36m-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "B868CC06-2F7F-4951-88BF-37488D52FC55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v36m-ct_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E748BCD-CBB5-4FB2-9DE0-3B3B7E5304A5", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v36m-ct:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A2B0E14-196A-47C2-A721-7DBF15E5F06F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v36m-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F035BE-103B-466D-8AC7-1CEF91072C4D", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v36m-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A855BB2-C047-452E-9DD9-2C3233FAB568", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v42m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF372A2-E2D2-40B4-8BA5-205C53CDAF40", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v42m:-:*:*:*:*:*:*:*", "matchCriteriaId": "729825E5-E15A-487B-9FDD-153ED5488BA9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v42m-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8DCAC04-4AB7-47B8-A9F7-92EB8D4B4E81", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v42m-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "D940BF75-4F82-4D20-991E-BD4EB0F4ED1C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v42m-ct_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AC04DAF-F491-4934-96FD-F86D51C81428", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v42m-ct:-:*:*:*:*:*:*:*", "matchCriteriaId": "1989369B-A59E-4281-8896-5EC6C6B035A7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v42m-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E932C821-8B10-409C-BB75-839314C51799", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v42m-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EAB1E29-5138-4BDA-A314-4BCA75599600", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v60m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A92C31E4-45BB-4598-AB2C-BDA3BC8FF0A1", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v60m:-:*:*:*:*:*:*:*", "matchCriteriaId": "65C52196-9B1A-45BC-B14F-E2A1D7DDCDE8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v60m-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B51442C2-72B1-4A5D-A6F2-DB41B8FE1219", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v60m-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C7E4C20-9544-4B83-8113-36F4AC9D55CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v60m-ct_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9D8EDFF-ED6D-452C-9BC9-80C678DF074F", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v60m-ct:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF751858-BDA7-4771-80D1-72106C418C96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v60m-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34990DFD-AB95-4A6D-A480-BC68001D4965", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v60m-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CE0C80E-8849-4271-90F6-813371C84AE8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v80m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A696CAEC-DF2A-4316-B7D6-1D7F841692E0", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v80m:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DBA1F22-198C-4DCB-9A82-D7B350B27B33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v80m-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FB44FAB-EFE6-4D98-AFDD-7E466D1CC356", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v80m-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "442FAF51-C13B-47B9-BC98-287778244A55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v80m-ct_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "73BCB213-2D83-40D2-913B-5331BEFFC53C", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v80m-ct:-:*:*:*:*:*:*:*", "matchCriteriaId": "89117711-F723-4AC6-AB0E-40B71CDB3E0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:vport_06ec-2v80m-ct-t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5097591-8E80-42D1-A14A-5DD8EBF75EC0", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:vport_06ec-2v80m-ct-t:-:*:*:*:*:*:*:*", "matchCriteriaId": "E07DB8C8-41D7-462E-9AFD-C28ACBB3E0F5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet."}, {"lang": "es", "value": "Una comprobaci\u00f3n inapropiada del campo de longitud de LLDP-MED TLV en el archivo userdisk/vport_lldpd en Moxa Camera VPort 06EC-2V Series, versi\u00f3n 1.1, permite una divulgaci\u00f3n de informaci\u00f3n a los atacantes debido al uso de la variable de contador de bucle fijo sin comprobar la longitud real disponible por medio de un paquete lldp dise\u00f1ado"}], "id": "CVE-2021-25848", "lastModified": "2021-05-18T19:57:49.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-10T11:15:07.937", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.moxa.com/en/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/vport-06ec-2v-series-ip-cameras-vulnerabilities"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}