Description

NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL.

Related CPE's

o

nec

aterm_wf1200cr_firmware

Vulnerable

h

nec

aterm_wf1200cr

-

o

nec

aterm_wg1200cr_firmware

Vulnerable

h

nec

aterm_wg1200cr

-

o

nec

aterm_wg2600hs_firmware

Vulnerable

h

nec

aterm_wg2600hs

-

References

https://jpn.nec.com/security-info/secinfo/nv21-010.html

MitigationVendor Advisory

https://jvn.jp/en/jp/JVN29739718/index.html

Third Party Advisory

https://jpn.nec.com/security-info/secinfo/nv21-010.html

MitigationVendor Advisory

https://jvn.jp/en/jp/JVN29739718/index.html

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-78

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-25T23:15:07.947Z

4 years ago

Last modified

2024-11-21T04:47:03.053Z

1 year ago