jvndb-2021-000030
Vulnerability from jvndb
Published
2021-04-09 16:42
Modified
2021-04-09 16:42
Severity ?
8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
Details
Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS *OS Command Injection (CWE-78) - CVE-2021-20708 *Improper Validation of Integrity Check Value (CWE-354) - CVE-2021-20709 Aterm WG2600HS *Cross-site Scripting (CWE-79) - CVE-2021-20710 *OS Command Injection (CWE-78) - CVE-2021-20711 Aterm WG2600HS, and WX3000HP *Improper Access Control (CWE-284) - CVE-2021-20712 CVE-2021-20708 and CVE-2021-20709 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20710 and CVE-2021-20711 Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20712 Yoshimitsu Kato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN https://jvn.jp/en/jp/JVN29739718/index.html
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20708
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20709
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20710
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20711
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20712
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20708
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20709
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20710
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20711
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20712
Improper Input Validation(CWE-20) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Improper Access Control(CWE-284) https://cwe.mitre.org/data/definitions/284.html
OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
NEC CorporationAterm WF1200CR firmware
NEC CorporationAterm WG1200CR firmware
NEC CorporationAterm WG2600HS firmware
NEC CorporationAterm WX3000HP firmware
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000030.html",
  "dc:date": "2021-04-09T16:42+09:00",
  "dcterms:issued": "2021-04-09T16:42+09:00",
  "dcterms:modified": "2021-04-09T16:42+09:00",
  "description": "Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below.\r\n\r\nAterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS\r\n*OS Command Injection (CWE-78) - CVE-2021-20708\r\n*Improper Validation of Integrity Check Value (CWE-354) - CVE-2021-20709\r\nAterm WG2600HS\r\n*Cross-site Scripting (CWE-79) - CVE-2021-20710\r\n*OS Command Injection (CWE-78) - CVE-2021-20711\r\nAterm WG2600HS, and WX3000HP\r\n*Improper Access Control (CWE-284) - CVE-2021-20712\r\n\r\nCVE-2021-20708 and CVE-2021-20709\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20710 and CVE-2021-20711\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20712\r\nYoshimitsu Kato reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000030.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:nec:aterm_wf1200cr_firmware",
      "@product": "Aterm WF1200CR firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200cr_firmware",
      "@product": "Aterm WG1200CR firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg2600hs_firmware",
      "@product": "Aterm WG2600HS firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wx3000hp_firmware",
      "@product": "Aterm WX3000HP firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "8.3",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000030",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN29739718/index.html",
      "@id": "JVN#29739718",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20708",
      "@id": "CVE-2021-20708",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20709",
      "@id": "CVE-2021-20709",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20710",
      "@id": "CVE-2021-20710",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20711",
      "@id": "CVE-2021-20711",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20712",
      "@id": "CVE-2021-20712",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20708",
      "@id": "CVE-2021-20708",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20709",
      "@id": "CVE-2021-20709",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20710",
      "@id": "CVE-2021-20710",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20711",
      "@id": "CVE-2021-20711",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20712",
      "@id": "CVE-2021-20712",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/284.html",
      "@id": "CWE-284",
      "@title": "Improper Access Control(CWE-284)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.