Search criteria
2 vulnerabilities found for wg2600hp2 by aterm
VAR-202101-0875
Vulnerability from variot - Updated: 2023-12-18 12:01Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Provided by NEC Corporation Aterm WF800HP , Aterm WG2600HP and Aterm WG2600HP2 There are multiple vulnerabilities in. Aterm WF800HP ・ Cross-site scripting (CWE-79) - CVE-2021-20620Aterm WG2600HP and Aterm WG2600HP2 ・ Inadequate access restrictions (CWE-284) - CVE-2017-12575 ・ Cross-site request forgery (CWE-352) - CVE-2021-20621 ・ Cross-site scripting (CWE-79) - CVE-2021-20622CVE-2021-20620 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Cyber Defense Institute, Inc. Nagaoka Satoru Mr CVE-2021-20621, CVE-2021-20622 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Cyber Defense Institute, Inc. Iwasaki Tokumei MrThe expected impact depends on each vulnerability, but it may be affected as follows. -Any script is executed on the web browser of the user who accessed the product. - CVE-2021-20620 ・ The setting information stored in the product may be stolen or changed by a remote third party. - CVE-2017-12575 -When a user logged in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2021-20621 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20622
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0875",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wg2600hp",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "1.0.2"
},
{
"model": "wg2600hp2",
"scope": "lte",
"trust": 1.0,
"vendor": "aterm",
"version": "1.0.2"
},
{
"model": "aterm wf800hp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": "firmware all versions"
},
{
"model": "aterm wg2600hp2",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "aterm wg2600hp",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "NVD",
"id": "CVE-2021-20621"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:aterm:wg2600hp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:aterm:wg2600hp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:aterm:wg2600hp2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:aterm:wg2600hp2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20621"
}
]
},
"cve": "CVE-2021-20621",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000006",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000006",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000006",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-20621",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000006",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 1.6,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000006",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000006",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2021-000006",
"trust": 2.4,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2021-20621",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2021-000006",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2029",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-20621",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20621"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "NVD",
"id": "CVE-2021-20621"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2029"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Provided by NEC Corporation Aterm WF800HP , Aterm WG2600HP and Aterm WG2600HP2 There are multiple vulnerabilities in. Aterm WF800HP \u30fb Cross-site scripting (CWE-79) - CVE-2021-20620Aterm WG2600HP and Aterm WG2600HP2 \u30fb Inadequate access restrictions (CWE-284) - CVE-2017-12575 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20621 \u30fb Cross-site scripting (CWE-79) - CVE-2021-20622CVE-2021-20620 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Cyber Defense Institute, Inc. Nagaoka Satoru Mr CVE-2021-20621, CVE-2021-20622 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Cyber Defense Institute, Inc. Iwasaki Tokumei MrThe expected impact depends on each vulnerability, but it may be affected as follows. -Any script is executed on the web browser of the user who accessed the product. - CVE-2021-20620 \u30fb The setting information stored in the product may be stolen or changed by a remote third party. - CVE-2017-12575 -When a user logged in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2021-20621 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20622",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20621"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "VULMON",
"id": "CVE-2021-20621"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN38248512",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2021-20621",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000006",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2029",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20621",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20621"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "NVD",
"id": "CVE-2021-20621"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2029"
}
]
},
"id": "VAR-202101-0875",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6875
},
"last_update_date": "2023-12-18T12:01:27.013000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Aterm\u00a0 series \u00a0 Multiple vulnerabilities in Support information",
"trust": 0.8,
"url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
},
{
"title": "Aterm Repair measures for cross-site request forgery vulnerabilities in multiple products",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=139979"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2029"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Authorization / authority / access control (CWE-264) [IPA Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "NVD",
"id": "CVE-2021-20621"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn38248512/index.html"
},
{
"trust": 1.7,
"url": "https://www.aterm.jp/support/tech/2019/0328.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn38248512/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000006.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20621"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195442"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-20621"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "NVD",
"id": "CVE-2021-20621"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2029"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-20621"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"db": "NVD",
"id": "CVE-2021-20621"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2029"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20621"
},
{
"date": "2021-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"date": "2021-01-28T11:15:13.793000",
"db": "NVD",
"id": "CVE-2021-20621"
},
{
"date": "2021-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2029"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20621"
},
{
"date": "2021-02-03T03:04:00",
"db": "JVNDB",
"id": "JVNDB-2021-000006"
},
{
"date": "2021-02-01T18:22:05.780000",
"db": "NVD",
"id": "CVE-2021-20621"
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2029"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2029"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aterm\u00a0WF800HP , Aterm\u00a0WG2600HP\u00a0 and \u00a0Aterm\u00a0WG2600HP2\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000006"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2029"
}
],
"trust": 0.6
}
}
VAR-201808-0125
Vulnerability from variot - Updated: 2023-12-18 12:01An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET"). NEC Aterm WG2600HP2 Contains an access control vulnerability.Information may be obtained. The WG2600HP2 is a router product from NEC. A security vulnerability exists in NEC Aterm WG2600HP2 version 1.0.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wg2600hp2",
"scope": "eq",
"trust": 1.6,
"vendor": "aterm",
"version": "1.0.2"
},
{
"model": "wg2600hp2",
"scope": "eq",
"trust": 0.8,
"vendor": "nec platforms",
"version": "1.0.2"
},
{
"model": "aterm wg2600hp2",
"scope": "eq",
"trust": 0.6,
"vendor": "nec",
"version": "1.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15843"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014241"
},
{
"db": "NVD",
"id": "CVE-2017-12575"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-175"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:aterm:wg2600hp2_firmware:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:aterm:wg2600hp2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12575"
}
]
},
"cve": "CVE-2017-12575",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12575",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-15843",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-103111",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12575",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12575",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-15843",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-103111",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15843"
},
{
"db": "VULHUB",
"id": "VHN-103111"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014241"
},
{
"db": "NVD",
"id": "CVE-2017-12575"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-175"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don\u0027t require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d \"REQ_ID=SUPPORT_IF_GET\"). NEC Aterm WG2600HP2 Contains an access control vulnerability.Information may be obtained. The WG2600HP2 is a router product from NEC. A security vulnerability exists in NEC Aterm WG2600HP2 version 1.0.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12575"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014241"
},
{
"db": "CNVD",
"id": "CNVD-2018-15843"
},
{
"db": "VULHUB",
"id": "VHN-103111"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-103111",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103111"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12575",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN38248512",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014241",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-175",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-15843",
"trust": 0.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000006",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "149061",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-103111",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15843"
},
{
"db": "VULHUB",
"id": "VHN-103111"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014241"
},
{
"db": "NVD",
"id": "CVE-2017-12575"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-175"
}
]
},
"id": "VAR-201808-0125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15843"
},
{
"db": "VULHUB",
"id": "VHN-103111"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15843"
}
]
},
"last_update_date": "2023-12-18T12:01:26.969000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Aterm WG2600HP2",
"trust": 0.8,
"url": "http://www.aterm.jp/product/atermstation/product/warpstar/wg2600hp2/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014241"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103111"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014241"
},
{
"db": "NVD",
"id": "CVE-2017-12575"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://seclists.org/fulldisclosure/2018/aug/26"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn38248512/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12575"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000006.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15843"
},
{
"db": "VULHUB",
"id": "VHN-103111"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014241"
},
{
"db": "NVD",
"id": "CVE-2017-12575"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-175"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-15843"
},
{
"db": "VULHUB",
"id": "VHN-103111"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014241"
},
{
"db": "NVD",
"id": "CVE-2017-12575"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-175"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15843"
},
{
"date": "2018-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-103111"
},
{
"date": "2018-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014241"
},
{
"date": "2018-08-24T19:29:00.800000",
"db": "NVD",
"id": "CVE-2017-12575"
},
{
"date": "2017-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-175"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15843"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-103111"
},
{
"date": "2018-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014241"
},
{
"date": "2021-01-26T18:15:24.223000",
"db": "NVD",
"id": "CVE-2017-12575"
},
{
"date": "2021-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-175"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-175"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NEC Aterm WG2600HP2 Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014241"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-175"
}
],
"trust": 0.6
}
}