Vulnerabilities > CVE-2021-36797 - Unspecified vulnerability in Victronenergy Venus OS 2.72

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

victronenergy

NVD

Published: 2021-07-19

Updated: 2024-11-21

Summary

In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. NOTE: the vendor disagrees with the reporter's opinion about an alleged "security best practices" violation

Vulnerable Configurations

Part	Description	Count
OS	Victronenergy Victronenergy Venus OS - Victronenergy Venus OS 2.72	2

References

https://github.com/victronenergy/venus/issues/836
https://github.com/victronenergy/venus/issues/836