All the vulnerabilites related to NEC Corporation - Aterm WR9300N
jvndb-2023-000066
Vulnerability from jvndb
Published
2023-06-27 15:12
Modified
2024-05-22 18:16
Severity ?
Summary
Multiple vulnerabilities in Aterm series
Details
Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below.
* Directory traversal (CWE-22) - CVE-2023-3330
* Directory traversal (CWE-22) - CVE-2023-3331
* Stored cross-site scripting (CWE-79) - CVE-2023-3332
* OS command injection (CWE-78) - CVE-2023-3333
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000066.html",
"dc:date": "2024-05-22T18:16+09:00",
"dcterms:issued": "2023-06-27T15:12+09:00",
"dcterms:modified": "2024-05-22T18:16+09:00",
"description": "Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below.\r\n\r\n * Directory traversal (CWE-22) - CVE-2023-3330\r\n * Directory traversal (CWE-22) - CVE-2023-3331\r\n * Stored cross-site scripting (CWE-79) - CVE-2023-3332\r\n * OS command injection (CWE-78) - CVE-2023-3333\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000066.html",
"sec:cpe": [
{
"#text": "cpe:/o:nec:aterm_wf300hp_firmware",
"@product": "Aterm WF300HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1400hp_firmware",
"@product": "Aterm WG1400HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1800hp2_firmware",
"@product": "Aterm WG1800HP2",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1800hp_firmware",
"@product": "Aterm WG1800HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg2200hp_firmware",
"@product": "Aterm WG2200HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg2600hp",
"@product": "Aterm WG2600HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg2600hp2_firmware",
"@product": "Aterm WG2600HP2",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg300hp_firmware",
"@product": "Aterm WG300HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg600hp_firmware",
"@product": "Aterm WG600HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8170n_firmware",
"@product": "Aterm WR8170N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8175n_firmware",
"@product": "Aterm WR8175N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8370n_firmware",
"@product": "Aterm WR8370N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8600n_firmware",
"@product": "Aterm WR8600N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8700n_firmware",
"@product": "Aterm WR8700N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8750n_firmware",
"@product": "Aterm WR8750N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr9300n_firmware",
"@product": "Aterm WR9300N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr9500n_firmware",
"@product": "Aterm WR9500N",
"@vendor": "NEC Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.7",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000066",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN38343415/index.html",
"@id": "JVN#38343415",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-3330",
"@id": "CVE-2023-3330",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-3331",
"@id": "CVE-2023-3331",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-3332",
"@id": "CVE-2023-3332",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-3333",
"@id": "CVE-2023-3333",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-3330",
"@id": "CVE-2023-3330",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-3331",
"@id": "CVE-2023-3331",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-3332",
"@id": "CVE-2023-3332",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-3333",
"@id": "CVE-2023-3333",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Aterm series"
}
jvndb-2024-000037
Vulnerability from jvndb
Published
2024-04-05 14:53
Modified
2024-04-05 14:53
Severity ?
Summary
Multiple vulnerabilities in NEC Aterm series
Details
Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.
<ul>
<li>Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28005</li>
<li>Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28006</li>
<li>Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28007</li>
<li>Active Debug Code (CWE-489) - CVE-2024-28008</li>
<li>Use of Weak Credentials (CWE-1391) - CVE-2024-28009, CVE-2024-28012</li>
<li>Use of Hard-coded Credentials (CWE-798) - CVE-2024-28010</li>
<li>Inclusion of Undocumented Features (CWE-1242) - CVE-2024-28011</li>
<li>Insufficient Session Expiration (CWE-613) - CVE-2024-28013</li>
<li>Buffer Overflow (CWE-120) - CVE-2024-28014</li>
<li>OS Command Injection in the web management console (CWE-78) - CVE-2024-28015</li>
<li>Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28016</li>
</ul>
The following people reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-28005, CVE-2024-28008
Ryo Kashiro, and Katsuhiko Sato, and Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
CVE-2024-28006, CVE-2024-28007, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012
Ryo Kashiro, and Katsuhiko Sato
CVE-2024-28013
Yudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
CVE-2024-28014, CVE-2024-28015, CVE-2024-28016
Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000037.html",
"dc:date": "2024-04-05T14:53+09:00",
"dcterms:issued": "2024-04-05T14:53+09:00",
"dcterms:modified": "2024-04-05T14:53+09:00",
"description": "Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eIncorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28005\u003c/li\u003e\r\n\u003cli\u003eExposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28006\u003c/li\u003e\r\n\u003cli\u003eIncorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28007\u003c/li\u003e\r\n\u003cli\u003eActive Debug Code (CWE-489) - CVE-2024-28008\u003c/li\u003e\r\n\u003cli\u003eUse of Weak Credentials (CWE-1391) - CVE-2024-28009, CVE-2024-28012\u003c/li\u003e\r\n\u003cli\u003eUse of Hard-coded Credentials (CWE-798) - CVE-2024-28010\u003c/li\u003e\r\n\u003cli\u003eInclusion of Undocumented Features (CWE-1242) - CVE-2024-28011\u003c/li\u003e\r\n\u003cli\u003eInsufficient Session Expiration (CWE-613) - CVE-2024-28013\u003c/li\u003e\r\n\u003cli\u003eBuffer Overflow (CWE-120) - CVE-2024-28014\u003c/li\u003e\r\n\u003cli\u003eOS Command Injection in the web management console (CWE-78) - CVE-2024-28015\u003c/li\u003e\r\n\u003cli\u003eExposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28016\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nThe following people reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-28005, CVE-2024-28008\r\nRyo Kashiro, and Katsuhiko Sato, and Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University\r\n\r\nCVE-2024-28006, CVE-2024-28007, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012\r\nRyo Kashiro, and Katsuhiko Sato\r\n\r\nCVE-2024-28013\r\nYudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University\r\n\r\nCVE-2024-28014, CVE-2024-28015, CVE-2024-28016\r\nTakayuki Sasaki, and Katsunari Yoshioka of Yokohama National University",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000037.html",
"sec:cpe": [
{
"#text": "cpe:/h:nec:atermwm3400rn",
"@product": "Aterm WM3400RN",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:nec:atermwm3450rn",
"@product": "Aterm WM3450RN",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:nec:atermwm3600r",
"@product": "Aterm WM3600R",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:nec:atermwr8160n",
"@product": "Aterm WR8160N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_cr2500p",
"@product": "Aterm CR2500P",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_mr01ln",
"@product": "Aterm MR01LN",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_mr02ln",
"@product": "Aterm MR02LN",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_w1200ex(-ms)",
"@product": "Aterm W1200EX(-MS)",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_w300p_firmware",
"@product": "Aterm W300P",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wf1200hp",
"@product": "Aterm WF1200HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wf1200hp2",
"@product": "Aterm WF1200HP2",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wf300hp2_firmware",
"@product": "Aterm WF300HP2",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wf300hp_firmware",
"@product": "Aterm WF300HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wf800hp_firmware",
"@product": "Aterm WF800HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1200hp2_firmware",
"@product": "Aterm WG1200HP2",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1200hp3_firmware",
"@product": "Aterm WG1200HP3",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1200hp_firmware",
"@product": "Aterm WG1200HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1200hs2_firmware",
"@product": "Aterm WG1200HS2",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1200hs3_firmware",
"@product": "Aterm WG1200HS3",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1200hs_firmware",
"@product": "Aterm WG1200HS",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1400hp_firmware",
"@product": "Aterm WG1400HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1800hp2_firmware",
"@product": "Aterm WG1800HP2",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1800hp3_firmware",
"@product": "Aterm WG1800HP3",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1800hp4_firmware",
"@product": "Aterm WG1800HP4",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1800hp_firmware",
"@product": "Aterm WG1800HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1810hp(je)",
"@product": "Aterm WG1810HP(JE)",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1810hp(mf)",
"@product": "Aterm WG1810HP(MF)",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1900hp2_firmware",
"@product": "Aterm WG1900HP2",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg1900hp_firmware",
"@product": "Aterm WG1900HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg2200hp_firmware",
"@product": "Aterm WG2200HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg300hp_firmware",
"@product": "Aterm WG300HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wg600hp_firmware",
"@product": "Aterm WG600HP",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wm3500r",
"@product": "Aterm WM3500R",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wm3800r",
"@product": "Aterm WM3800R",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr1200h",
"@product": "Aterm WR1200H",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr4100n",
"@product": "Aterm WR4100N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr4500n",
"@product": "Aterm WR4500N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr6600h",
"@product": "Aterm WR6600H",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr6650s",
"@product": "Aterm WR6650S",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr6670s",
"@product": "Aterm WR6670S",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr7800h",
"@product": "Aterm WR7800H",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr7850s",
"@product": "Aterm WR7850S",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr7870s",
"@product": "Aterm WR7870S",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8100n",
"@product": "Aterm WR8100N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8150n",
"@product": "Aterm WR8150N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8165n_firmware",
"@product": "Aterm WR8165N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8166n",
"@product": "Aterm WR8166N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8170n_firmware",
"@product": "Aterm WR8170N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8175n_firmware",
"@product": "Aterm WR8175N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8200n",
"@product": "Aterm WR8200N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8300n",
"@product": "Aterm WR8300N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8370n_firmware",
"@product": "Aterm WR8370N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8400n",
"@product": "Aterm WR8400N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8500n",
"@product": "Aterm WR8500N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8600n_firmware",
"@product": "Aterm WR8600N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8700n_firmware",
"@product": "Aterm WR8700N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr8750n_firmware",
"@product": "Aterm WR8750N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr9300n_firmware",
"@product": "Aterm WR9300N",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:nec:aterm_wr9500n_firmware",
"@product": "Aterm WR9500N",
"@vendor": "NEC Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000037",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN82074338/index.html",
"@id": "JVN#82074338",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28005",
"@id": "CVE-2024-28005",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28006",
"@id": "CVE-2024-28006",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28007",
"@id": "CVE-2024-28007",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28008",
"@id": "CVE-2024-28008",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28009",
"@id": "CVE-2024-28009",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28010",
"@id": "CVE-2024-28010",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28011",
"@id": "CVE-2024-28011",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28012",
"@id": "CVE-2024-28012",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28013",
"@id": "CVE-2024-28013",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28014",
"@id": "CVE-2024-28014",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-28015",
"@id": "CVE-2024-28015",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-280016",
"@id": "CVE-2024-28016",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in NEC Aterm series"
}
cve-2023-3333
Vulnerability from cvelistv5
Published
2023-06-28 01:33
Modified
2024-08-02 06:55
Severity ?
EPSS score ?
Summary
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:00.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1800HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1400HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WF300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR9500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR9300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8750N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8700N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8600N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8370N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8175N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8170N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ea attacker\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eto\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexecute an arbitrary OS command with the root privilege, a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efter obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u00a0a attacker\u00a0to\u00a0execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-03T02:11:31.242Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nStop using the products or remove the USB storage.\u003cbr\u003e"
}
],
"value": "\nStop using the products or remove the USB storage.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-3333",
"datePublished": "2023-06-28T01:33:27.976Z",
"dateReserved": "2023-06-20T01:14:11.982Z",
"dateUpdated": "2024-08-02T06:55:00.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3330
Vulnerability from cvelistv5
Published
2023-06-28 01:13
Modified
2024-08-02 06:55
Severity ?
EPSS score ?
Summary
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:00.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1800HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1400HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WF300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR9500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR9300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8750N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8700N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8600N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8370N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8175N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8170N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ea attacker\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eto\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;obtain specific files in the product\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u00a0a attacker\u00a0to\u00a0obtain specific files in the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T00:56:00.401Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nStop using the products or remove the USB storage.\u003cbr\u003e"
}
],
"value": "\nStop using the products or remove the USB storage.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-3330",
"datePublished": "2023-06-28T01:13:03.181Z",
"dateReserved": "2023-06-20T01:14:05.654Z",
"dateUpdated": "2024-08-02T06:55:00.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3331
Vulnerability from cvelistv5
Published
2023-06-28 01:19
Modified
2024-08-02 06:55
Severity ?
EPSS score ?
Summary
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete
specific files in the product.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:02.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1800HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1400HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WF300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR9500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR9300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8750N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8700N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8600N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8370N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8175N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8170N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ea attacker\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eto\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edelete\u003c/span\u003e\n\n specific files in the product\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u00a0a attacker\u00a0to\u00a0delete\n\n specific files in the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-03T02:10:13.150Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nStop using the products or remove the USB storage.\u003cbr\u003e"
}
],
"value": "\nStop using the products or remove the USB storage.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-3331",
"datePublished": "2023-06-28T01:19:45.378Z",
"dateReserved": "2023-06-20T01:14:08.079Z",
"dateUpdated": "2024-08-02T06:55:02.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3332
Vulnerability from cvelistv5
Published
2023-06-28 01:25
Modified
2024-08-02 06:55
Severity ?
EPSS score ?
Summary
Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to
execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:01.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1800HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1400HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WF300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR9500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR9300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8750N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8700N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8600N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8370N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8175N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8170N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ea attacker\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eto\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eexecute an arbitrary script, a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efter obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u00a0a attacker\u00a0to\u00a0\n\nexecute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-03T02:10:55.668Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nStop using the products or remove the USB storage.\u003cbr\u003e"
}
],
"value": "\nStop using the products or remove the USB storage.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-3332",
"datePublished": "2023-06-28T01:25:03.905Z",
"dateReserved": "2023-06-20T01:14:10.138Z",
"dateUpdated": "2024-08-02T06:55:01.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}