CVE-2021-46247 - OpenCVE

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Cmax6000 Cmax6000 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asus:cmax6000_firmware:1.02.00:*:*:*:*:*:*:*

cpe:2.3:h:asus:cmax6000:-:*:*:*:*:*:*:*

References

Link	Resource
https://drive.google.com/drive/folders/1lSaxWKiNKRkeZxQanEMpt906aUgDGUk_?usp=sharing	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-02-17T18:15:41

Updated: 2022-02-17T18:15:41

Reserved: 2022-01-10T00:00:00

Link: CVE-2021-46247

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-17T19:15:07.963

Modified: 2022-02-25T18:00:38.003

Link: CVE-2021-46247

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:cmax6000_firmware:1.02.00:*:*:*:*:*:*:*", "matchCriteriaId": "B844F547-D7D9-461E-AF07-189EC13076FF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:cmax6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B6E6A71-F453-437F-8602-A39C6D671878", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00."}, {"lang": "es", "value": "El uso de una clave criptogr\u00e1fica embebida aumenta significativamente la posibilidad de que los datos encriptados puedan ser recuperados de ASUS CMAX6000 versi\u00f3n v1.02.00"}], "id": "CVE-2021-46247", "lastModified": "2022-02-25T18:00:38.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-17T19:15:07.963", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/drive/folders/1lSaxWKiNKRkeZxQanEMpt906aUgDGUk_?usp=sharing"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}