CVE-2021-20590

Description

Improper authentication vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT21 model GT2107-WTBD all versions ,GOT2000 series GT21 model GT2107-WTSD all versions, GOT SIMPLE series GS21 model GS2110-WTBD-N all versions and GOT SIMPLE series GS21 model GS2107-WTBD-N all versions allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.

Related CPE's

omitsubishielectricgot2000_gt27_firmware********
vulnerable
hmitsubishielectricgot2000_gt27-*******
omitsubishielectricgot2000_gt25_firmware********
vulnerable
hmitsubishielectricgot2000_gt25-*******
omitsubishielectricgt2107-wtbd_firmware********
vulnerable
hmitsubishielectricgt2107-wtbd-*******
omitsubishielectricgt2107-wtsd_firmware********
vulnerable
hmitsubishielectricgt2107-wtsd-*******
omitsubishielectricgs2110-wtbd-n_firmware********
vulnerable
hmitsubishielectricgs2110-wtbd-n-*******

References

https://jvn.jp/vu/JVNVU97615777/index.html

Third Party Advisory

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf

Vendor Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

7.5

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

5

VectorString

AV:N/AC:L/Au:N/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE