Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2021-31895

Disclosure Date: July 13, 2021
CVE-2021-31895 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
RUGGEDCOM ROS M2100 All versions < V4.3.7
RUGGEDCOM ROS M2200 All versions < V4.3.7
RUGGEDCOM ROS M969 All versions < V4.3.7
RUGGEDCOM ROS RMC All versions < V4.3.7
RUGGEDCOM ROS RMC20 All versions < V4.3.7
RUGGEDCOM ROS RMC30 All versions < V4.3.7
RUGGEDCOM ROS RMC40 All versions < V4.3.7
RUGGEDCOM ROS RMC41 All versions < V4.3.7
RUGGEDCOM ROS RMC8388 V4.X All versions < V4.3.7
RUGGEDCOM ROS RMC8388 V5.X All versions < V5.5.4
RUGGEDCOM ROS RP110 All versions < V4.3.7
RUGGEDCOM ROS RS400 All versions < V4.3.7
RUGGEDCOM ROS RS401 All versions < V4.3.7
RUGGEDCOM ROS RS416 All versions < V4.3.7
RUGGEDCOM ROS RS416v2 V4.X All versions < V4.3.7
RUGGEDCOM ROS RS416v2 V5.X All versions < 5.5.4
RUGGEDCOM ROS RS8000 All versions < V4.3.7
RUGGEDCOM ROS RS8000A All versions < V4.3.7
RUGGEDCOM ROS RS8000H All versions < V4.3.7
RUGGEDCOM ROS RS8000T All versions < V4.3.7
RUGGEDCOM ROS RS900 (32M) V4.X All versions < V4.3.7
RUGGEDCOM ROS RS900 (32M) V5.X All versions < V5.5.4
RUGGEDCOM ROS RS900G All versions < V4.3.7
RUGGEDCOM ROS RS900G (32M) V4.X All versions < V4.3.7
RUGGEDCOM ROS RS900G (32M) V5.X All versions < V5.5.4
RUGGEDCOM ROS RS900GP All versions < V4.3.7
RUGGEDCOM ROS RS900L All versions < V4.3.7
RUGGEDCOM ROS RS900W All versions < V4.3.7
RUGGEDCOM ROS RS910 All versions < V4.3.7
RUGGEDCOM ROS RS910L All versions < V4.3.7
RUGGEDCOM ROS RS910W All versions < V4.3.7
RUGGEDCOM ROS RS920L All versions < V4.3.7
RUGGEDCOM ROS RS920W All versions < V4.3.7
RUGGEDCOM ROS RS930L All versions < V4.3.7
RUGGEDCOM ROS RS930W All versions < V4.3.7
RUGGEDCOM ROS RS940G All versions < V4.3.7
RUGGEDCOM ROS RS969 All versions < V4.3.7
RUGGEDCOM ROS RSG2100 (32M) V4.X All versions < V4.3.7
RUGGEDCOM ROS RSG2100 (32M) V5.X All versions < V5.5.4
RUGGEDCOM ROS RSG2100 V4.X All versions < V4.3.7
RUGGEDCOM ROS RSG2100P All versions < V4.3.7
RUGGEDCOM ROS RSG2100P (32M) V4.X All versions < V4.3.7
RUGGEDCOM ROS RSG2100P (32M) V5.X All versions < V5.5.4
RUGGEDCOM ROS RSG2200 All versions < V4.3.7
RUGGEDCOM ROS RSG2288 V4.X All versions < V4.3.7
RUGGEDCOM ROS RSG2288 V5.X All versions < V5.5.4
RUGGEDCOM ROS RSG2300 V4.X All versions < V4.3.7
RUGGEDCOM ROS RSG2300 V5.X All versions < V5.5.4
RUGGEDCOM ROS RSG2300P V4.X All versions < V4.3.7
RUGGEDCOM ROS RSG2300P V5.X All versions < V5.5.4
RUGGEDCOM ROS RSG2488 V4.X All versions < V4.3.7
RUGGEDCOM ROS RSG2488 V5.X All versions < V5.5.4
RUGGEDCOM ROS RSG900 V4.X All versions < V4.3.7
RUGGEDCOM ROS RSG900 V5.X All versions < V5.5.4
RUGGEDCOM ROS RSG900C All versions < V5.5.4
RUGGEDCOM ROS RSG900G V4.X All versions < V4.3.7
RUGGEDCOM ROS RSG900G V5.X All versions < V5.5.4
RUGGEDCOM ROS RSG900R All versions < V5.5.4
RUGGEDCOM ROS RSG920P V4.X All versions < V4.3.7
RUGGEDCOM ROS RSG920P V5.X All versions < V5.5.4
RUGGEDCOM ROS RSL910 All versions < V5.5.4
RUGGEDCOM ROS RST2228 All versions < V5.5.4
RUGGEDCOM ROS RST916C All versions < V5.5.4
RUGGEDCOM ROS RST916P All versions < V5.5.4
RUGGEDCOM ROS i800 All versions < V4.3.7
RUGGEDCOM ROS i801 All versions < V4.3.7
RUGGEDCOM ROS i802 All versions < V4.3.7
RUGGEDCOM ROS i803 All versions < V4.3.7
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis