Improper Access Control in SolarView Compact by Contec
CVE-2021-20657

5.4MEDIUM

Key Information:

Vendor

Contec Co., Ltd.

Status
Solarview Compact
Vendor
CVE Published:
24 February 2021

What is CVE-2021-20657?

An improper access control vulnerability in the SolarView Compact SV-CPT-MC310 prior to version 6.5 enables authenticated attackers to gain unauthorized access to and modify configuration settings. This flaw can be exploited via unspecified vectors, which poses a risk of compromising system integrity and operational security.

Affected Version(s)

SolarView Compact SV-CPT-MC310 prior to Ver.6.5

References

https://www.contec.com/jp/api/downloadlogger?download=htt...
x_refsource_MISC
https://www.contec.com/jp/download/contract/contract2/?it...
x_refsource_MISC
https://jvn.jp/en/jp/JVN37417423/index.html
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.