Description
Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and prior, GOT2000 series GT25 model VNC server versions 01.39.010 and prior, GOT2000 series GT21 model GT2107-WTBD VNC server versions 01.40.000 and prior, GOT2000 series GT21 model GT2107-WTSD VNC server versions 01.40.000 and prior, GOT SIMPLE series GS21 model GS2110-WTBD-N VNC server versions 01.40.000 and prior and GOT SIMPLE series GS21 model GS2107-WTBD-N VNC server versions 01.40.000 and prior allows a remote unauthenticated attacker to gain unauthorized access via specially crafted packets when the "VNC server" function is used.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-001_en.pdf
Third Party Advisory x_refsource_confirm
https://jvn.jp/vu/JVNVU97615777/index.html
Scores
CVSS v3
7.5
EPSS
0.0026
EPSS Percentile
49.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (6)
mitsubishielectric/got2000_gt25_firmware
< 01.39.010
mitsubishielectric/got2000_gt27_firmware
< 01.39.010
mitsubishielectric/gs2107-wtbd-n_firmware
< 01.40.000
mitsubishielectric/gs2110-wtbd-n_firmware
< 01.40.000
mitsubishielectric/gt2107-wtbd_firmware
< 01.40.000
mitsubishielectric/gt2107-wtsd_firmware
< 01.40.000
Published
Apr 22, 2021
Tracked Since
Feb 18, 2026