All the vulnerabilites related to NEC Corporation - Aterm WG2600HP and Aterm WG2600HP2
cve-2021-20621
Vulnerability from cvelistv5
Published
2021-01-28 10:00
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.aterm.jp/support/tech/2019/0328.html | x_refsource_MISC | |
| https://jpn.nec.com/security-info/secinfo/nv21-005.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN38248512/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| NEC Corporation | Aterm WG2600HP and Aterm WG2600HP2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aterm.jp/support/tech/2019/0328.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN38248512/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aterm WG2600HP and Aterm WG2600HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-28T10:00:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aterm.jp/support/tech/2019/0328.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN38248512/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aterm WG2600HP and Aterm WG2600HP2",
"version": {
"version_data": [
{
"version_value": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.aterm.jp/support/tech/2019/0328.html",
"refsource": "MISC",
"url": "https://www.aterm.jp/support/tech/2019/0328.html"
},
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-005.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
},
{
"name": "https://jvn.jp/en/jp/JVN38248512/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN38248512/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20621",
"datePublished": "2021-01-28T10:00:29",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20622
Vulnerability from cvelistv5
Published
2021-01-28 10:00
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.aterm.jp/support/tech/2019/0328.html | x_refsource_MISC | |
| https://jpn.nec.com/security-info/secinfo/nv21-005.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN38248512/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| NEC Corporation | Aterm WG2600HP and Aterm WG2600HP2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aterm.jp/support/tech/2019/0328.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN38248512/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aterm WG2600HP and Aterm WG2600HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-28T10:00:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aterm.jp/support/tech/2019/0328.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN38248512/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aterm WG2600HP and Aterm WG2600HP2",
"version": {
"version_data": [
{
"version_value": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.aterm.jp/support/tech/2019/0328.html",
"refsource": "MISC",
"url": "https://www.aterm.jp/support/tech/2019/0328.html"
},
{
"name": "https://jpn.nec.com/security-info/secinfo/nv21-005.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
},
{
"name": "https://jvn.jp/en/jp/JVN38248512/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN38248512/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20622",
"datePublished": "2021-01-28T10:00:29",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:45:44.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}