Description

Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL.

Related CPE's

o

nec

aterm_wf1200cr_firmware

Vulnerable

h

nec

aterm_wf1200cr

-

o

nec

aterm_wg1200cr_firmware

Vulnerable

h

nec

aterm_wg1200cr

-

o

nec

aterm_wg2600hs_firmware

Vulnerable

h

nec

aterm_wg2600hs

-

References

https://jpn.nec.com/security-info/secinfo/nv21-010.html

MitigationVendor Advisory

https://jvn.jp/en/jp/JVN29739718/index.html

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-354

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-26T01:15:07.977

4 years ago

Last modified

2021-05-05T20:02:07.637

4 years ago