CVSSv3 12/31/2021

CVSSv3 Base

≤10
≤20
≤30
≤47
≤511
≤610
≤76
≤87
≤91
≤101

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤30
≤47
≤511
≤610
≤78
≤85
≤91
≤101

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤30
≤413
≤510
≤64
≤77
≤87
≤91
≤101

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤63
≤71
≤85
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTICVE
1895014.94.3
 
5.5
 
 
vim out-of-bounds read0.00CVE-2021-4193
1895005.96.3
 
5.5
 
 
vim use after free0.14CVE-2021-4192
1894998.08.0
 
 
 
 
Bitmask/Riseup VPN access control0.05CVE-2021-44466
1894986.86.8
 
 
 
 
Netgear Nighthawk R6700 UART Console improper authentication0.05CVE-2021-23147
1894978.88.8
 
 
 
 
Netgear Genie Installer access control0.00CVE-2021-20172
1894966.86.8
 
 
 
 
Netgear RAX43 UART Interface hard-coded credentials0.05CVE-2021-20168
1894953.73.7
 
 
 
 
Netgear Nighthawk R6700 SOAP Interface cleartext transmission0.00CVE-2021-20175
1894943.73.7
 
 
 
 
Netgear Nighthawk R6700 Web Interface cleartext transmission0.05CVE-2021-20174
1894933.73.7
 
 
 
 
Netgear RAX43 Web Interface cleartext transmission0.04CVE-2021-20169
1894924.64.6
 
 
 
 
Netgear Nighthawk R6700 Configuration Backup hard-coded credentials0.00CVE-2021-45732
1894913.53.5
 
 
 
 
Netgear Nighthawk R6700 Configuration File cleartext storage0.05CVE-2021-45077
1894905.55.5
 
 
 
 
Netgear Nighthawk R6700 System Update Check command injection0.05CVE-2021-20173
1894893.53.5
 
 
 
 
Netgear RAX43 Configuration File cleartext storage0.00CVE-2021-20171
1894885.05.0
 
 
 
 
Netgear RAX43 Configuration Backup hard-coded credentials0.05CVE-2021-20170
1894875.55.5
 
 
 
 
Netgear RAX43 readycloud CGI Application command injection0.00CVE-2021-20167
1894866.36.3
 
 
 
 
Netgear RAX43 URL Parser buffer overflow0.04CVE-2021-20166
1894854.34.3
 
 
 
 
Trendnet AC2600 TEW-827DRU FTP Web Page ftpserver.asp missing encryption0.00CVE-2021-20163
1894844.34.3
 
 
 
 
Trendnet AC2600 TEW-827DRU Admin Password cameo cleartext storage0.05CVE-2021-20162
1894837.37.3
 
 
 
 
Trendnet AC2600 TEW-827DRU Management Web Interface hard-coded credentials0.00CVE-2021-20155
1894823.73.7
 
 
 
 
Trendnet AC2600 TEW-827DRU Web Interface cleartext transmission0.09CVE-2021-20154
1894817.37.3
 
 
 
 
Trendnet AC2600 TEW-827DRU Bittorrent improper authentication0.06CVE-2021-20152
1894805.65.6
 
 
 
 
Trendnet AC2600 TEW-827DRU user session0.00CVE-2021-20151
1894797.37.3
 
 
 
 
Trendnet AC2600 TEW-827DRU iptables access control0.00CVE-2021-20149
1894784.34.3
 
 
 
 
Trendnet AC2600 TEW-827DRU cross-site request forgery0.00CVE-2021-20165
1894776.86.8
 
 
 
 
Trendnet AC2600 TEW-827DRU UART access control0.00CVE-2021-20161
1894763.53.5
 
 
 
 
Trendnet AC2600 TEW-827DRU smbserver.asp missing encryption0.05CVE-2021-20164
1894756.86.8
 
 
 
 
Trendnet AC2600 TEW-827DRU SMB command injection0.05CVE-2021-20160
1894748.08.0
 
 
 
 
Trendnet AC2600 TEW-827DRU System Log command injection0.05CVE-2021-20159
1894737.37.3
 
 
 
 
Trendnet AC2600 TEW-827DRU improper authentication0.05CVE-2021-20158
1894725.35.3
 
 
 
 
Trendnet AC2600 TEW-827DRU denial of service0.06CVE-2021-20157
1894717.27.2
 
 
 
 
Trendnet AC2600 TEW-827DRU Firmware Update access control0.00CVE-2021-20156
1894704.34.3
 
 
 
 
Trendnet AC2600 TEW-827DRU Setup Wizard improper authentication0.06CVE-2021-20150
1894695.05.0
 
 
 
 
Trendnet AC2600 TEW-827DRU Bittorrent symlink0.06CVE-2021-20153
1894689.89.8
 
 
 
 
D-Link DIR-2640 Quagga Service hard-coded credentials0.11CVE-2021-20132
1894676.36.3
 
 
 
 
D-Link DIR-2640 Quagga Service path traversal0.05CVE-2021-20134
1894664.34.3
 
 
 
 
D-Link DIR-2640 Quagga Service path traversal0.07CVE-2021-20133
1894655.63.7
 
7.5
 
 
Wireshark Kafka Dissector denial of service0.05CVE-2021-4190
1894644.73.1
 
6.3
 
 
Wireshark Gryphon Dissector denial of service0.09CVE-2021-4186
1894635.63.7
 
7.5
 
 
Wireshark RTMPT Dissector denial of service0.05CVE-2021-4185
1894625.63.7
 
7.5
 
 
Wireshark BitTorrent DHT Dissector denial of service0.00CVE-2021-4184

3 more entries are not shown

Interested in the pricing of exploits?

See the underground prices here!