Description

Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.

Related CPE's

o

mitsubishielectric

got2000_gt27_firmware

Vulnerable

h

mitsubishielectric

got2000_gt27

-

o

mitsubishielectric

got2000_gt25_firmware

Vulnerable

h

mitsubishielectric

got2000_gt25

-

o

mitsubishielectric

gt2107-wtbd_firmware

Vulnerable

h

mitsubishielectric

gt2107-wtbd

-

o

mitsubishielectric

gt2107-wtsd_firmware

Vulnerable

h

mitsubishielectric

gt2107-wtsd

-

o

mitsubishielectric

gs2110-wtbd-n_firmware

Vulnerable

h

mitsubishielectric

gs2110-wtbd-n

-

o

mitsubishielectric

gs2107-wtbd-n_firmware

Vulnerable

h

mitsubishielectric

gs2107-wtbd-n

-

References

https://jvn.jp/vu/JVNVU97615777/index.html

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf

Weaknesses

[email protected]

Primary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-22T19:15:07.363

4 years ago

Last modified

2023-11-07T03:29:08.447

1 year ago