All the vulnerabilites related to NEC Corporation - Aterm WG2600HS firmware
jvndb-2020-000015
Vulnerability from jvndb
Published
2020-02-19 14:34
Modified
2020-02-19 14:34
Severity ?
Summary
Multiple vulnerabilities in Aterm WG2600HS
Details
Aterm WG2600HS provided by NEC Corporation contains multiple vulnerabilities listed below.
* Cross-site scripting (CWE-79) - CVE-2020-5533
* OS command injection (CWE-78) - CVE-2020-5534
Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN49410695/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5533 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5534 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-5533 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-5534 | |
| OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| NEC Corporation | Aterm WG2600HS firmware |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000015.html",
"dc:date": "2020-02-19T14:34+09:00",
"dcterms:issued": "2020-02-19T14:34+09:00",
"dcterms:modified": "2020-02-19T14:34+09:00",
"description": "Aterm WG2600HS provided by NEC Corporation contains multiple vulnerabilities listed below. \r\n* Cross-site scripting (CWE-79) - CVE-2020-5533 \r\n* OS command injection (CWE-78) - CVE-2020-5534\r\n\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000015.html",
"sec:cpe": {
"#text": "cpe:/o:nec:aterm_wg2600hs_firmware",
"@product": "Aterm WG2600HS firmware",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.7",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.0",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000015",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN49410695/index.html",
"@id": "JVN#49410695",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5533",
"@id": "CVE-2020-5533",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5534",
"@id": "CVE-2020-5534",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5533",
"@id": "CVE-2020-5533",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5534",
"@id": "CVE-2020-5534",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Aterm WG2600HS"
}
jvndb-2021-000030
Vulnerability from jvndb
Published
2021-04-09 16:42
Modified
2021-04-09 16:42
Severity ?
Summary
Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
Details
Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below.
Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS
*OS Command Injection (CWE-78) - CVE-2021-20708
*Improper Validation of Integrity Check Value (CWE-354) - CVE-2021-20709
Aterm WG2600HS
*Cross-site Scripting (CWE-79) - CVE-2021-20710
*OS Command Injection (CWE-78) - CVE-2021-20711
Aterm WG2600HS, and WX3000HP
*Improper Access Control (CWE-284) - CVE-2021-20712
CVE-2021-20708 and CVE-2021-20709
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20710 and CVE-2021-20711
Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20712
Yoshimitsu Kato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000030.html",
"dc:date": "2021-04-09T16:42+09:00",
"dcterms:issued": "2021-04-09T16:42+09:00",
"dcterms:modified": "2021-04-09T16:42+09:00",
"description": "Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below.\r\n\r\nAterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS\r\n*OS Command Injection (CWE-78) - CVE-2021-20708\r\n*Improper Validation of Integrity Check Value (CWE-354) - CVE-2021-20709\r\nAterm WG2600HS\r\n*Cross-site Scripting (CWE-79) - CVE-2021-20710\r\n*OS Command Injection (CWE-78) - CVE-2021-20711\r\nAterm WG2600HS, and WX3000HP\r\n*Improper Access Control (CWE-284) - CVE-2021-20712\r\n\r\nCVE-2021-20708 and CVE-2021-20709\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20710 and CVE-2021-20711\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20712\r\nYoshimitsu Kato reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000030.html",
"sec:cpe": [
{
"#text": "cpe:/o:nec:aterm_wf1200cr_firmware",
"@product": "Aterm WF1200CR firmware",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1200cr_firmware",
"@product": "Aterm WG1200CR firmware",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg2600hs_firmware",
"@product": "Aterm WG2600HS firmware",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wx3000hp_firmware",
"@product": "Aterm WX3000HP firmware",
"@vendor": "NEC Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "8.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000030",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN29739718/index.html",
"@id": "JVN#29739718",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20708",
"@id": "CVE-2021-20708",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20709",
"@id": "CVE-2021-20709",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20710",
"@id": "CVE-2021-20710",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20711",
"@id": "CVE-2021-20711",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20712",
"@id": "CVE-2021-20712",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20708",
"@id": "CVE-2021-20708",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20709",
"@id": "CVE-2021-20709",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20710",
"@id": "CVE-2021-20710",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20711",
"@id": "CVE-2021-20711",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20712",
"@id": "CVE-2021-20712",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP"
}
jvndb-2020-000016
Vulnerability from jvndb
Published
2020-02-19 14:39
Modified
2020-02-19 14:39
Severity ?
Summary
Multiple OS command injection vulnerabilities in Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS
Details
Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS provided by NEC Corporation contain multiple OS command injection vulnerabilities listed below.
* OS command injection vulnerability in UPnP function (CWE-78) - CVE-2020-5524
* OS command injection vulnerability in management screen (CWE-78) - CVE-2020-5525
Rintaro Fujita and Takayuki Kamiyama of Nippon Telegraph and Telephone Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000016.html",
"dc:date": "2020-02-19T14:39+09:00",
"dcterms:issued": "2020-02-19T14:39+09:00",
"dcterms:modified": "2020-02-19T14:39+09:00",
"description": "Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS provided by NEC Corporation contain multiple OS command injection vulnerabilities listed below. \r\n* OS command injection vulnerability in UPnP function (CWE-78) - CVE-2020-5524\r\n* OS command injection vulnerability in management screen (CWE-78) - CVE-2020-5525\r\n\r\nRintaro Fujita and Takayuki Kamiyama of Nippon Telegraph and Telephone Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000016.html",
"sec:cpe": [
{
"#text": "cpe:/o:nec:aterm_wf1200cr_firmware",
"@product": "Aterm WF1200CR firmware",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1200cr_firmware",
"@product": "Aterm WG1200CR firmware",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg2600hs_firmware",
"@product": "Aterm WG2600HS firmware",
"@vendor": "NEC Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "8.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000016",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN25766797/index.html",
"@id": "JVN#25766797",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5524",
"@id": "CVE-2020-5524",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5525",
"@id": "CVE-2020-5525",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5524",
"@id": "CVE-2020-5524",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5525",
"@id": "CVE-2020-5525",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple OS command injection vulnerabilities in Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS"
}