CVE-2021-33903

In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the root user via the CLI does not change the password of the root user for SNMPv3 access. (However, changing the password of the root user via LANconfig does change the password of the root user for SNMPv3 access.)

Published: Oct 7, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-33903
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
lancom-systems / lcos	10.42.0473-release_update1	10.42.0473-release_update1.x
lancom-systems / lcos	10.42.0473-release_update2	10.42.0473-release_update2.x
lancom-systems / lcos	10.42.0473-release_update3	10.42.0473-release_update3.x
lancom-systems / lcos	10.42.0473	10.42.0473.x
lancom-systems / lcos	10.40	10.42.0473

https://www.nmedv.de/wp-content/uploads/2021/10/NME-2021-001.txt

Vulnerability Database

289,599

CVE-2021-33903