CVE-2021-39289 - OpenCVE

Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Netmodule	Nb3701 Nb2710 Nb2800 Nb3700 Nb1600 Nb3720 Nb3800 Nb2700 Nb2810 Nb800 Nb3711 Nb1810 Netmodule Router Software Nb1601 Nb1800 Nb3710

Configuration 1 [-]

AND

OR	cpe:2.3:a:netmodule:netmodule_router_software::::::::
	cpe:2.3:a:netmodule:netmodule_router_software::::::::
	cpe:2.3:a:netmodule:netmodule_router_software::::::::

OR	cpe:2.3:h:netmodule:nb1600:-:::::::*
	cpe:2.3:h:netmodule:nb1601:-:::::::*
	cpe:2.3:h:netmodule:nb1800:-:::::::*
	cpe:2.3:h:netmodule:nb1810:-:::::::*
	cpe:2.3:h:netmodule:nb2700:-:::::::*
	cpe:2.3:h:netmodule:nb2710:-:::::::*
	cpe:2.3:h:netmodule:nb2800:-:::::::*
	cpe:2.3:h:netmodule:nb2810:-:::::::*
	cpe:2.3:h:netmodule:nb3700:-:::::::*
	cpe:2.3:h:netmodule:nb3701:-:::::::*
	cpe:2.3:h:netmodule:nb3710:-:::::::*
	cpe:2.3:h:netmodule:nb3711:-:::::::*
	cpe:2.3:h:netmodule:nb3720:-:::::::*
	cpe:2.3:h:netmodule:nb3800:-:::::::*
	cpe:2.3:h:netmodule:nb800:-:::::::*

References

Link	Resource
http://seclists.org/fulldisclosure/2021/Aug/22	Exploit Mailing List Third Party Advisory
https://www.netmodule.com	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-23T04:33:03

Updated: 2021-08-23T04:33:03

Reserved: 2021-08-18T00:00:00

Link: CVE-2021-39289

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-08-23T05:15:08.380

Modified: 2023-11-02T15:45:31.337

Link: CVE-2021-39289

JSON object: View

Redhat Information

No data.

CWE

CWE-522

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-23T04:33:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.netmodule.com"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://seclists.org/fulldisclosure/2021/Aug/22"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-39289", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.netmodule.com", "refsource": "MISC", "url": "https://www.netmodule.com"}, {"name": "http://seclists.org/fulldisclosure/2021/Aug/22", "refsource": "CONFIRM", "url": "http://seclists.org/fulldisclosure/2021/Aug/22"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-39289", "datePublished": "2021-08-23T04:33:03", "dateReserved": "2021-08-18T00:00:00", "dateUpdated": "2021-08-23T04:33:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "012DBD5F-C5F7-472F-98F0-0EE481A1A39D", "versionEndExcluding": "4.3.0.113", "vulnerable": true}, {"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "46A74835-CD8C-4CD7-98B5-0820A02DEAA0", "versionEndExcluding": "4.4.0.111", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "09DCDB3A-0E51-4C6E-8423-DD2F84C64478", "versionEndExcluding": "4.5.0.105", "versionStartIncluding": "4.5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netmodule:nb1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D275CDC-0FE9-40C6-8CD4-3C836458C6C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb1601:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C90BC32-C405-4178-B944-9CF39C212C46", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "A80AE348-C415-4B5F-B359-26E2F2A132F7", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb1810:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3CF8E81-2EB5-4CDC-9FC9-CEAF4E1E7514", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb2700:-:*:*:*:*:*:*:*", "matchCriteriaId": "7751755B-A1A8-4538-94D1-A49FC40565A5", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb2710:-:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE5094-EA46-4389-880F-32E892BC703D", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb2800:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFF579A1-A31C-47F3-912A-43F5B4894497", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb2810:-:*:*:*:*:*:*:*", "matchCriteriaId": "41310FAF-CD23-4126-942D-DA950A96DF3E", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb3700:-:*:*:*:*:*:*:*", "matchCriteriaId": "79C621EF-0650-418D-B39D-C07FE4728DB9", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb3701:-:*:*:*:*:*:*:*", "matchCriteriaId": "962F7AFA-76A3-4F83-AA2C-AB168C644104", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb3710:-:*:*:*:*:*:*:*", "matchCriteriaId": "78EBE526-E036-4FCC-B617-376ABC679111", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb3711:-:*:*:*:*:*:*:*", "matchCriteriaId": "923D8D38-E3DB-47C0-92C3-AD1A05EEAC83", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb3720:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2E345B5-CF76-4385-B4C3-B7F00DB0C52B", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb3800:-:*:*:*:*:*:*:*", "matchCriteriaId": "7120564A-4FE0-403E-A976-9658A665E51A", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb800:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B550124-772B-4384-BA89-72B68E01F61E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800."}, {"lang": "es", "value": "Determinados dispositivos NetModule presentan un Manejo no Seguro de la Contrase\u00f1a (texto sin cifrar o encriptaci\u00f3n reversible), Estos modelos con versiones de firmware anteriores a 4.3.0.113, 4.4.0.111 y 4.5.0.105 est\u00e1n afectados: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720 y NB3800."}], "id": "CVE-2021-39289", "lastModified": "2023-11-02T15:45:31.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-23T05:15:08.380", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Aug/22"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.netmodule.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}