CVE-2021-22267

MEDIUM Year: 2021
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-294
View all →

Vulnerability Description

Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).

Related Vulnerabilities

CVE-2013-1351

MEDIUM
CVSS:5.9(Medium)

Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.

CWE-2942013

CVE-2020-24722

MEDIUM
CVSS:5.9(Medium)

An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX v...

CWE-2942020

CVE-2020-9438

MEDIUM
CVSS:5.9(Medium)

Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocati...

CWE-2942020

CVE-2022-29593

MEDIUM
CVSS:5.9(Medium)

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.

CWE-2942022

CVE-2022-43704

MEDIUM
CVSS:5.9(Medium)

The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 ...

CWE-2942022

CVE-2023-33621

MEDIUM
CVSS:5.9(Medium)

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or acce...

CWE-2942023