CVE-2021-34543 - OpenCVE

The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bkw	Solar-log 500 Solar-log 500 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:bkw:solar-log_500:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:bkw:solar-log_500_firmware::::::::
	cpe:2.3:o:bkw:solar-log_500_firmware:2.8.2:build_50::::::

No data.

References

Link	Providers
https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing
https://www.exploit-db.com/exploits/49986
https://www.solar-log.com/en/support/firmware/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-07T20:39:05

Updated: 2024-08-04T00:12:50.391Z

Reserved: 2021-06-10T00:00:00

Link: CVE-2021-34543

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-07T21:15:08.177

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-34543

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-07T20:39:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing"}, {"tags": ["x_refsource_MISC"], "url": "https://www.solar-log.com/en/support/firmware/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/49986"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-34543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing", "refsource": "MISC", "url": "https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing"}, {"name": "https://www.solar-log.com/en/support/firmware/", "refsource": "MISC", "url": "https://www.solar-log.com/en/support/firmware/"}, {"name": "https://www.exploit-db.com/exploits/49986", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/49986"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:12:50.391Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.solar-log.com/en/support/firmware/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.exploit-db.com/exploits/49986"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-34543", "datePublished": "2021-12-07T20:39:05", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-08-04T00:12:50.391Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:bkw:solar-log_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "23D1D50E-F2F1-47CF-AA1A-B867D81D4CF1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:bkw:solar-log_500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "19ED9993-E59A-4064-A37E-E3E8E8DE2BE4", "versionEndIncluding": "2.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:bkw:solar-log_500_firmware:2.8.2:build_50:*:*:*:*:*:*", "matchCriteriaId": "9CFB1BA6-3B98-4C2B-BD18-A0D173B847E2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status."}, {"lang": "es", "value": "El servidor de administraci\u00f3n web en Solar-Log 500 versiones anteriores a 2.8.2 Build 52 no requiere autenticaci\u00f3n, lo que permite a atacantes remotos conseguir privilegios administrativos al conectarse al servidor. Como resultado, el atacante puede modificar los archivos de configuraci\u00f3n y cambiar el estado del sistema"}], "id": "CVE-2021-34543", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-07T21:15:08.177", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/49986"}, {"source": "cve@mitre.org", "tags": ["Product", "Release Notes", "Vendor Advisory"], "url": "https://www.solar-log.com/en/support/firmware/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}