CVE-2021-20656

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 44.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contec Sv-cpt-mc310 Firmware Contec Co., Ltd. Solarview Compact

Timeline

PublishedFeb 24

Latest updateMay 24

Description

Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5contec_co.,_ltd./solarview_compactSV-CPT-MC310 prior to Ver.6.5

▶NVDcontec/sv-cpt-mc310_firmware< 6.5

🔴Vulnerability Details

GHSA

GHSA-7vwq-44q4-jhr2: Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver↗2022-05-24

▶

CVEList

CVE-2021-20656: Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver↗2021-02-24

▶