Vulnerability Details : CVE-2021-44564
A security vulnerability originally reported in the SYNC2101 product, and applicable to specific sub-families of SYNC devices, allows an attacker to download the configuration file used in the device and apply a modified configuration file back to the device. The attack requires network access to the SYNC device and knowledge of its IP address. The attack exploits the unsecured communication channel used between the administration tool Easyconnect and the SYNC device (in the affected family of SYNC products).
Products affected by CVE-2021-44564
- cpe:2.3:o:kalkitech:sync241-m1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync241-m2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync241-m4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync261-m1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync2000-m1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync2000-m2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync2000-m4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync2101-m1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync2101-m2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync2101-m6_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync2101-m7_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync2101-m8_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync2111-m2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync2111-m3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync3000-m1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync3000-m2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync3000-m3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync3000-m4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync3000-m12_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:kalkitech:sync221-m1_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-44564
0.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-44564
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
References for CVE-2021-44564
-
https://kalkitech.com/wp-content/uploads/CYB_33631_Advisory.pdf
Vendor Advisory
-
https://www.kalkitech.com/cybersecurity/
Cybersecurity | KalkitechVendor Advisory
Jump to