cvelistv5 - cve-2020-5525

CVE-2020-5525 (GCVE-0-2020-5525)

Vulnerability from cvelistv5 – Published: 2020-02-21 09:15 – Updated: 2024-08-04 08:30

Summary

Severity ?

No CVSS data available.

CWE

OS Command Injection

Assigner

jpcert

References

URL

Tags

	https://jvn.jp/en/jp/JVN49410695/index.html	x_refsource_MISC
	https://jpn.nec.com/security-info/secinfo/nv20-003.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	NEC Corporation	Aterm series	Affected: Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aterm series",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-21T09:15:19",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5525",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aterm series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NEC Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN49410695/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
            },
            {
              "name": "https://jpn.nec.com/security-info/secinfo/nv20-003.html",
              "refsource": "MISC",
              "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5525",
    "datePublished": "2020-02-21T09:15:19",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:30:24.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.3.2\", \"matchCriteriaId\": \"9ED4D36D-BABE-459A-8B33-DFD0AF0DB73F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"623C9C7B-C947-49A8-9C1D-20B23FDA73ED\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nec:aterm_wf1200c_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2.1\", \"matchCriteriaId\": \"820303B5-B17B-4804-B1F9-ED4D62052C06\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nec:aterm_wf1200c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBB82685-60AA-420A-BCBC-D9654EE256E3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.2.1\", \"matchCriteriaId\": \"497C9C48-AAD8-4004-A193-9AFC9E8CF676\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"936D9DD3-11E5-4862-B157-85B13EA06C38\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.\"}, {\"lang\": \"es\", \"value\": \"Las series Aterm (Aterm WF1200C versiones de firmware Ver1.2.1 y anteriores, Aterm WG1200CR versiones de firmware Ver1.2.1 y anteriores, Aterm WG2600HS versiones de firmware Ver1.3.2 y anteriores), permite a un atacante autenticado en el mismo segmento de red ejecutar comandos arbitrarios de Sistema Operativo con privilegios root por medio de la pantalla de administraci\\u00f3n.\"}]",
      "id": "CVE-2020-5525",
      "lastModified": "2024-11-21T05:34:12.790",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 7.7, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 5.1, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-02-21T10:15:11.780",
      "references": "[{\"url\": \"https://jpn.nec.com/security-info/secinfo/nv20-003.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Not Applicable\", \"Third Party Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN49410695/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Not Applicable\", \"Third Party Advisory\"]}, {\"url\": \"https://jpn.nec.com/security-info/secinfo/nv20-003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\", \"Third Party Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN49410695/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5525\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2020-02-21T10:15:11.780\",\"lastModified\":\"2024-11-21T05:34:12.790\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.\"},{\"lang\":\"es\",\"value\":\"Las series Aterm (Aterm WF1200C versiones de firmware Ver1.2.1 y anteriores, Aterm WG1200CR versiones de firmware Ver1.2.1 y anteriores, Aterm WG2600HS versiones de firmware Ver1.3.2 y anteriores), permite a un atacante autenticado en el mismo segmento de red ejecutar comandos arbitrarios de Sistema Operativo con privilegios root por medio de la pantalla de administraci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":7.7,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":5.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.2\",\"matchCriteriaId\":\"9ED4D36D-BABE-459A-8B33-DFD0AF0DB73F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"623C9C7B-C947-49A8-9C1D-20B23FDA73ED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nec:aterm_wf1200c_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.1\",\"matchCriteriaId\":\"820303B5-B17B-4804-B1F9-ED4D62052C06\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nec:aterm_wf1200c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBB82685-60AA-420A-BCBC-D9654EE256E3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.1\",\"matchCriteriaId\":\"497C9C48-AAD8-4004-A193-9AFC9E8CF676\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"936D9DD3-11E5-4862-B157-85B13EA06C38\"}]}]}],\"references\":[{\"url\":\"https://jpn.nec.com/security-info/secinfo/nv20-003.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN49410695/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\"]},{\"url\":\"https://jpn.nec.com/security-info/secinfo/nv20-003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN49410695/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\"]}]}}"
  }
}

JVNDB-2020-000016

Vulnerability from jvndb - Published: 2020-02-19 14:39 - Updated:2020-02-19 14:39

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple OS command injection vulnerabilities in Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS

Details

Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS provided by NEC Corporation contain multiple OS command injection vulnerabilities listed below. * OS command injection vulnerability in UPnP function (CWE-78) - CVE-2020-5524 * OS command injection vulnerability in management screen (CWE-78) - CVE-2020-5525 Rintaro Fujita and Takayuki Kamiyama of Nippon Telegraph and Telephone Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN25766797/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5524
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5525
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5524
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5525
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	NEC Corporation	Aterm WF1200CR firmware
	NEC Corporation	Aterm WG1200CR firmware
	NEC Corporation	Aterm WG2600HS firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000016.html",
  "dc:date": "2020-02-19T14:39+09:00",
  "dcterms:issued": "2020-02-19T14:39+09:00",
  "dcterms:modified": "2020-02-19T14:39+09:00",
  "description": "Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS provided by NEC Corporation contain multiple OS command injection vulnerabilities listed below. \r\n* OS command injection vulnerability in UPnP function (CWE-78) - CVE-2020-5524\r\n* OS command injection vulnerability in management screen (CWE-78) - CVE-2020-5525\r\n\r\nRintaro Fujita and Takayuki Kamiyama of Nippon Telegraph and Telephone Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000016.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:nec:aterm_wf1200cr_firmware",
      "@product": "Aterm WF1200CR firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200cr_firmware",
      "@product": "Aterm WG1200CR firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg2600hs_firmware",
      "@product": "Aterm WG2600HS firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "8.3",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000016",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN25766797/index.html",
      "@id": "JVN#25766797",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5524",
      "@id": "CVE-2020-5524",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5525",
      "@id": "CVE-2020-5525",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5524",
      "@id": "CVE-2020-5524",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5525",
      "@id": "CVE-2020-5525",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple OS command injection vulnerabilities in Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS"
}

GHSA-M46C-JXP2-97P9

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5525"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-21T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.",
  "id": "GHSA-m46c-jxp2-97p9",
  "modified": "2022-05-24T17:09:27Z",
  "published": "2022-05-24T17:09:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5525"
    },
    {
      "type": "WEB",
      "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-5525

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-5525

Aliases

CVE-2020-5525

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5525",
    "description": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.",
    "id": "GSD-2020-5525"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5525"
      ],
      "details": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.",
      "id": "GSD-2020-5525",
      "modified": "2023-12-13T01:22:03.982170Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2020-5525",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Aterm series",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NEC Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "OS Command Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://jvn.jp/en/jp/JVN49410695/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
          },
          {
            "name": "https://jpn.nec.com/security-info/secinfo/nv20-003.html",
            "refsource": "MISC",
            "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_wf1200c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_wf1200c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5525"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN49410695/index.html",
              "refsource": "MISC",
              "tags": [
                "Not Applicable",
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
            },
            {
              "name": "https://jpn.nec.com/security-info/secinfo/nv20-003.html",
              "refsource": "MISC",
              "tags": [
                "Not Applicable",
                "Third Party Advisory"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 5.1,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-02-21T17:39Z",
      "publishedDate": "2020-02-21T10:15Z"
    }
  }
}

VAR-202002-1034

Vulnerability from variot - Updated: 2023-12-18 12:27

Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. Provided by NEC Corporation Aterm WF1200CR , WG1200CR and WG2600HS To the following multiple OS A command injection vulnerability exists. ・ UPnP In function OS Command injection (CWE-78) - CVE-2020-5524 ・ On the management screen OS Command injection (CWE-78) - CVE-2020-5525 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Nippon Telegraph and Telephone Corporation Fujita Rintaro Mr. Kamiyama Takayuki MrThe expected impact depends on each vulnerability, but it may be affected as follows. ・ Of the product UPnP Depending on the user who has access to the feature's interface root Arbitrary with authority OS Command is executed - CVE-2020-5524 -By a user who can access the management screen of the product root Arbitrary with authority OS Command is executed - CVE-2020-5525. NEC Aterm WF1200C and others are wireless routers from NEC Corporation.

There is an operating system command injection vulnerability in NEC Aterm WF1200C 1.2.1 and earlier versions, Aterm WG1200CR 1.2.1 and earlier versions and Aterm WG2600HS 1.3.2 and earlier versions, which originated from the process of externally inputting data to construct the operating system executable commands , The network system or product does not properly filter the special characters, commands, etc. An attacker could use this vulnerability to execute illegal operating system commands

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1034",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "aterm wg2600hs",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nec",
        "version": "1.3.2"
      },
      {
        "model": "aterm wg1200cr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nec",
        "version": "1.2.1"
      },
      {
        "model": "aterm wf1200c",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nec",
        "version": "1.2.1"
      },
      {
        "model": "aterm wf1200cr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver1.2.1"
      },
      {
        "model": "aterm wg1200cr",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver1.2.1"
      },
      {
        "model": "aterm wg2600hs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 ver1.3.2"
      },
      {
        "model": "aterm wg1200cr",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=1.2.1"
      },
      {
        "model": "aterm wg2600hs",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=1.3.2"
      },
      {
        "model": "aterm wf1200c",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=1.2.1"
      },
      {
        "model": "aterm wg2600hs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "aterm wg1200cr",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "aterm wf1200c",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nec",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1003"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.3.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_wf1200c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_wf1200c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5525"
      }
    ]
  },
  "cve": "CVE-2020-5525",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.1,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 8.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-000016",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 7.7,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-000016",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "id": "CNVD-2020-13182",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-000016",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-000016",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-5525",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-000016",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2020-000016",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-13182",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-1003",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1003"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. Provided by NEC Corporation Aterm WF1200CR , WG1200CR and WG2600HS To the following multiple OS A command injection vulnerability exists. \u30fb UPnP In function OS Command injection (CWE-78) - CVE-2020-5524 \u30fb On the management screen OS Command injection (CWE-78) - CVE-2020-5525 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Nippon Telegraph and Telephone Corporation Fujita Rintaro Mr. Kamiyama Takayuki MrThe expected impact depends on each vulnerability, but it may be affected as follows. \u30fb Of the product UPnP Depending on the user who has access to the feature\u0027s interface root Arbitrary with authority OS Command is executed - CVE-2020-5524 -By a user who can access the management screen of the product root Arbitrary with authority OS Command is executed - CVE-2020-5525. NEC Aterm WF1200C and others are wireless routers from NEC Corporation. \n\r\n\r\nThere is an operating system command injection vulnerability in NEC Aterm WF1200C 1.2.1 and earlier versions, Aterm WG1200CR 1.2.1 and earlier versions and Aterm WG2600HS 1.3.2 and earlier versions, which originated from the process of externally inputting data to construct the operating system executable commands , The network system or product does not properly filter the special characters, commands, etc. An attacker could use this vulnerability to execute illegal operating system commands",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-5525"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-5525",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016",
        "trust": 2.0
      },
      {
        "db": "JVN",
        "id": "JVN49410695",
        "trust": 1.6
      },
      {
        "db": "JVN",
        "id": "JVN25766797",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13182",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1003",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1003"
      }
    ]
  },
  "id": "VAR-202002-1034",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      }
    ],
    "trust": 1.0474207975
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:27:40.064000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Aterm\u30b7\u30ea\u30fc\u30ba\u306b\u304a\u3051\u308b\u8907\u6570\u306eOS\u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3",
        "trust": 0.8,
        "url": "https://jpn.nec.com/security-info/secinfo/nv20-005.html"
      },
      {
        "title": "Patch for NEC Aterm WF1200C, Aterm WG1200CR and Aterm WG2600HS operating system command injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/204541"
      },
      {
        "title": "NEC Aterm WF1200C , Aterm WG1200CR  and Aterm WG2600HS Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110554"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1003"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5525"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
      },
      {
        "trust": 1.6,
        "url": "https://jvn.jp/en/jp/jvn49410695/index.html"
      },
      {
        "trust": 1.2,
        "url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000016.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5524"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5525"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/jp/jvn25766797/index.html"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5525"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1003"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-5525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1003"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      },
      {
        "date": "2020-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "date": "2020-02-21T10:15:11.780000",
        "db": "NVD",
        "id": "CVE-2020-5525"
      },
      {
        "date": "2020-02-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-1003"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-13182"
      },
      {
        "date": "2020-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      },
      {
        "date": "2020-02-21T17:39:19.543000",
        "db": "NVD",
        "id": "CVE-2020-5525"
      },
      {
        "date": "2020-03-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-1003"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1003"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aterm WF1200CR , WG1200CR and  WG2600HS Multiple in  OS Command injection vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-000016"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1003"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2020-5525

Vulnerability from fkie_nvd - Published: 2020-02-21 10:15 - Updated: 2024-11-21 05:34

Severity ?

8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jpn.nec.com/security-info/secinfo/nv20-003.html	Not Applicable, Third Party Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN49410695/index.html	Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jpn.nec.com/security-info/secinfo/nv20-003.html	Not Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN49410695/index.html	Not Applicable, Third Party Advisory

Impacted products

Vendor	Product	Version
nec	aterm_wg2600hs_firmware	*
nec	aterm_wg2600hs	-
nec	aterm_wf1200c_firmware	*
nec	aterm_wf1200c	-
nec	aterm_wg1200cr_firmware	*
nec	aterm_wg1200cr	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nec:aterm_wg2600hs_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED4D36D-BABE-459A-8B33-DFD0AF0DB73F",
              "versionEndIncluding": "1.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nec:aterm_wg2600hs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "623C9C7B-C947-49A8-9C1D-20B23FDA73ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nec:aterm_wf1200c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "820303B5-B17B-4804-B1F9-ED4D62052C06",
              "versionEndIncluding": "1.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nec:aterm_wf1200c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBB82685-60AA-420A-BCBC-D9654EE256E3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "497C9C48-AAD8-4004-A193-9AFC9E8CF676",
              "versionEndIncluding": "1.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "936D9DD3-11E5-4862-B157-85B13EA06C38",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen."
    },
    {
      "lang": "es",
      "value": "Las series Aterm (Aterm WF1200C versiones de firmware Ver1.2.1 y anteriores, Aterm WG1200CR versiones de firmware Ver1.2.1 y anteriores, Aterm WG2600HS versiones de firmware Ver1.3.2 y anteriores), permite a un atacante autenticado en el mismo segmento de red ejecutar comandos arbitrarios de Sistema Operativo con privilegios root por medio de la pantalla de administraci\u00f3n."
    }
  ],
  "id": "CVE-2020-5525",
  "lastModified": "2024-11-21T05:34:12.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.7,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-21T10:15:11.780",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-13182

Vulnerability from cnvd - Published: 2020-02-25

Title

NEC Aterm WF1200C、Aterm WG1200CR和Aterm WG2600HS 操作系统命令注入漏洞

Description

NEC Aterm WF1200C等都是日本电气（NEC）公司的一款无线路由器。 NEC Aterm WF1200C 1.2.1及之前版本、Aterm WG1200CR 1.2.1及之前版本和Aterm WG2600HS 1.3.2及之前版本中存在操作系统命令注入漏洞，该漏洞源于外部输入数据构造操作系统可执行命令过程中，网络系统或产品未正确过滤其中的特殊字符、命令等。攻击者可利用该漏洞执行非法操作系统命令。

Severity

中

Patch Name

NEC Aterm WF1200C、Aterm WG1200CR和Aterm WG2600HS 操作系统命令注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://jpn.nec.com/security-info/secinfo/nv20-005.html

Reference

https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000016.html

Impacted products

Name
['NEC Aterm WG1200CR <=1.2.1', 'NEC Aterm WG2600HS <=1.3.2', 'NEC Aterm WF1200C <=1.2.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5525",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5525"
    }
  },
  "description": "NEC Aterm WF1200C\u7b49\u90fd\u662f\u65e5\u672c\u7535\u6c14\uff08NEC\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nNEC Aterm WF1200C 1.2.1\u53ca\u4e4b\u524d\u7248\u672c\u3001Aterm WG1200CR 1.2.1\u53ca\u4e4b\u524d\u7248\u672c\u548cAterm WG2600HS 1.3.2\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u64cd\u4f5c\u7cfb\u7edf\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://jpn.nec.com/security-info/secinfo/nv20-005.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-13182",
  "openTime": "2020-02-25",
  "patchDescription": "NEC Aterm WF1200C\u7b49\u90fd\u662f\u65e5\u672c\u7535\u6c14\uff08NEC\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\r\n\r\nNEC Aterm WF1200C 1.2.1\u53ca\u4e4b\u524d\u7248\u672c\u3001Aterm WG1200CR 1.2.1\u53ca\u4e4b\u524d\u7248\u672c\u548cAterm WG2600HS 1.3.2\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u64cd\u4f5c\u7cfb\u7edf\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5b57\u7b26\u3001\u547d\u4ee4\u7b49\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NEC Aterm WF1200C\u3001Aterm WG1200CR\u548cAterm WG2600HS \u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NEC Aterm WG1200CR \u003c=1.2.1",
      "NEC Aterm WG2600HS \u003c=1.3.2",
      "NEC Aterm WF1200C \u003c=1.2.1"
    ]
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000016.html",
  "serverity": "\u4e2d",
  "submitTime": "2020-02-19",
  "title": "NEC Aterm WF1200C\u3001Aterm WG1200CR\u548cAterm WG2600HS \u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5525 (GCVE-0-2020-5525)

JVNDB-2020-000016

GHSA-M46C-JXP2-97P9

GSD-2020-5525

VAR-202002-1034

FKIE_CVE-2020-5525

CNVD-2020-13182

Tags

Sightings

Nomenclature