CVE-2021-20844
First published: Wed Nov 24 2021(Updated: )
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yamaha Rtx830 Firmware | <=15.02.17 | |
| Yamaha Rtx830 | ||
| Yamaha Nvr510 Firmware | <=15.01.18 | |
| Yamaha Nvr510 | ||
| Yamaha Nvr700w Firmware | <=15.00.19 | |
| Yamaha Nvr700w | ||
| Yamaha Rtx1210 Firmware | <=14.01.38 | |
| Yamaha Rtx1210 | ||
| Ntt-west Biz Box Rtx830 Firmware | <=15.02.17 | |
| Ntt-west Biz Box Rtx830 | ||
| Ntt-west Biz Box Nvr510 Firmware | <15.01.18 | |
| Ntt-west Biz Box Nvr510 | ||
| Ntt-west Biz Box Nvr700w Firmware | <=15.00.19 | |
| Ntt-west Biz Box Nvr700w | ||
| Ntt-west Biz Box Rtx1210 Firmware | <=14.01.38 | |
| Ntt-west Biz Box Rtx1210 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-20844.
What is the severity of CVE-2021-20844?
The severity of CVE-2021-20844 is medium with a CVSS score of 5.7.
Which software versions are affected by CVE-2021-20844?
RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier are affected by CVE-2021-20844.
How can a remote attacker exploit CVE-2021-20844?
A remote authenticated attacker can exploit CVE-2021-20844 by obtaining sensitive information through improper neutralization of HTTP request headers for scripting syntax in the Web GUI.
Where can I find more information about CVE-2021-20844?
More information about CVE-2021-20844 can be found at the following references: [http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html](http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.html), [https://business.ntt-east.co.jp/topics/2021/11_09.html](https://business.ntt-east.co.jp/topics/2021/11_09.html), [https://jvn.jp/en/vu/JVNVU91161784/index.html](https://jvn.jp/en/vu/JVNVU91161784/index.html).
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- vendor/yamaha
- canonical/yamaha rtx830 firmware
- version/yamaha rtx830 firmware/15.02.17
- canonical/yamaha rtx830
- canonical/yamaha nvr510 firmware
- version/yamaha nvr510 firmware/15.01.18
- canonical/yamaha nvr510
- canonical/yamaha nvr700w firmware
- version/yamaha nvr700w firmware/15.00.19
- canonical/yamaha nvr700w
- canonical/yamaha rtx1210 firmware
- version/yamaha rtx1210 firmware/14.01.38
- canonical/yamaha rtx1210
- vendor/ntt-west
- canonical/ntt-west biz box rtx830 firmware
- version/ntt-west biz box rtx830 firmware/15.02.17
- canonical/ntt-west biz box rtx830
- canonical/ntt-west biz box nvr510 firmware
- canonical/ntt-west biz box nvr510
- canonical/ntt-west biz box nvr700w firmware
- version/ntt-west biz box nvr700w firmware/15.00.19
- canonical/ntt-west biz box nvr700w
- canonical/ntt-west biz box rtx1210 firmware
- version/ntt-west biz box rtx1210 firmware/14.01.38
- canonical/ntt-west biz box rtx1210