Lucene search

[email protected]CVE-2021-20680

HistoryApr 26, 2021 - 1:15 a.m.

CVE-2021-20680

2021-04-2601:15:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2021-20680

cross-site scripting

nec aterm

remote attackers

vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions Aterm WG1200HP firmware all versions Aterm WF800HP firmware all versions Aterm WF300HP2 firmware all versions Aterm WR8165N firmware all versions Aterm W500P firmware all versions, and Aterm W300P firmware all versions) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

CPENameOperatorVersion
nec:aterm_wg1900hp2_firmwarenec aterm wg1900hp2 firmwarele1.3.1
nec:aterm_wg1900hp_firmwarenec aterm wg1900hp firmwarele2.5.1
nec:aterm_wg1800hp4_firmwarenec aterm wg1800hp4 firmwarele1.3.1
nec:aterm_wg1800hp3_firmwarenec aterm wg1800hp3 firmwarele1.5.1
nec:aterm_wg1200hs3_firmwarenec aterm wg1200hs3 firmwarele1.1.2
nec:aterm_wg1200hs2_firmwarenec aterm wg1200hs2 firmwarele2.5.0
nec:aterm_wg1200hp3_firmwarenec aterm wg1200hp3 firmwarele1.3.1
nec:aterm_wg1200hp2_firmwarenec aterm wg1200hp2 firmwarele2.5.0
nec:aterm_w1200ex_firmwarenec aterm w1200ex firmwarele1.3.1
nec:aterm_w1200ex-ms_firmwarenec aterm w1200ex-ms firmwarele1.3.1

CPE	Name	Operator	Version
nec:aterm_wg1900hp2_firmware	nec aterm wg1900hp2 firmware	le	1.3.1
nec:aterm_wg1900hp_firmware	nec aterm wg1900hp firmware	le	2.5.1
nec:aterm_wg1800hp4_firmware	nec aterm wg1800hp4 firmware	le	1.3.1
nec:aterm_wg1800hp3_firmware	nec aterm wg1800hp3 firmware	le	1.5.1
nec:aterm_wg1200hs3_firmware	nec aterm wg1200hs3 firmware	le	1.1.2
nec:aterm_wg1200hs2_firmware	nec aterm wg1200hs2 firmware	le	2.5.0
nec:aterm_wg1200hp3_firmware	nec aterm wg1200hp3 firmware	le	1.3.1
nec:aterm_wg1200hp2_firmware	nec aterm wg1200hp2 firmware	le	2.5.0
nec:aterm_w1200ex_firmware	nec aterm w1200ex firmware	le	1.3.1
nec:aterm_w1200ex-ms_firmware	nec aterm w1200ex-ms firmware	le	1.3.1

Rows per page:

1-10 of 171

References

jpn.nec.com/security-info/secinfo/nv21-008.html

jvn.jp/en/jp/JVN67456944/index.html

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

Related for CVE-2021-20680

prion1 jvn1