Unrated severityNVD Advisory· Published Nov 24, 2021· Updated Aug 3, 2024

CVE-2021-20844

Description

Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Yamaha/NVR700Wllm-fuzzy
Range: <=15.00.19
Yamaha/NVR510llm-fuzzy
Range: <=15.01.18
Yamaha/RTX830llm-fuzzy
Range: <=15.02.17
Yamaha Corporation/RTX830, NVR510, NVR700W, RTX1210v5
Range: RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, RTX1210 Rev.14.01.38 and earlier

Patches

Vulnerability mechanics

References

www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU91161784.htmlmitrex_refsource_MISC
business.ntt-east.co.jp/topics/2021/11_09.htmlmitrex_refsource_MISC
jvn.jp/en/vu/JVNVU91161784/index.htmlmitrex_refsource_MISC
www.ntt-west.co.jp/smb/kiki_info/info/211109.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000