Lucene search
HistoryJun 28, 2023 - 2:15 a.m.
CVE-2023-3332
cve
2023
3332
nec corporation
aterm
wg2600hp2
wg2600hp
wg2200hp
wg1800hp2
wg1800hp
wg1400hp
wg600hp
wg300hp
wf300hp
wr9500n
wr9300n
wr8750n
wr8700n
wr8600n
wr8370n
wr8175n
wr8170n
vulnerability
web page generation
arbitrary script
high privilege
cve-2023-3330
cve-2023-3331
nvd
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.1 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.0%
Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allowsย a attackerย to
execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.
Affected configurations
Node
necaterm_wf300hp_firmwareMatch-
necaterm_wf300hpMatch-
Node
necaterm_wg1400hp_firmwareMatch-
necaterm_wg1400hpMatch-
Node
necaterm_wg1800hp_firmwareMatch-
necaterm_wg1800hpMatch-
Node
necaterm_wg1800hp2_firmwareMatch-
necaterm_wg1800hp2Match-
Node
necaterm_wg2200hp_firmwareMatch-
necaterm_wg2200hpMatch-
Node
necaterm_wg2600hp_firmwareMatch-
necaterm_wg2600hpMatch-
Node
necaterm_wg2600hp2_firmwareMatch-
necaterm_wg2600hp2Match-
Node
necaterm_wg300hp_firmwareMatch-
necaterm_wg300hpMatch-
Node
necaterm_wg600hp_firmwareMatch-
necaterm_wg600hpMatch-
Node
necaterm_wr8600n_firmwareMatch-
necaterm_wr8600nMatch-
Node
necaterm_wr8700n_firmwareMatch-
necaterm_wr8700nMatch-
Node
necaterm_wr8750n_firmwareMatch-
necaterm_wr8750nMatch-
Node
necaterm_wr9300n_firmwareMatch-
necaterm_wr9300nMatch-
Node
necaterm_wr9500n_firmwareMatch-
necaterm_wr9500nMatch-
Node
necaterm_wr8170n_firmwareMatch-
necaterm_wr8170nMatch-
Node
necaterm_wr8175n_firmwareMatch-
necaterm_wr8175nMatch-
Node
necaterm_wr8370n_firmwareMatch-
necaterm_wr8370nMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| nec:aterm_wf300hp_firmware | nec aterm wf300hp firmware | eq | - |
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "Aterm WG2600HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1800HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG1400HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WG300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WF300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR9500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR9300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8750N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8700N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8600N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8370N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8175N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aterm WR8170N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
]Related
cvelist
cvelist
nvd
nvd
prion
prion
Design/Logic Flaw
2023-06-28 02:15:00
Command injection
2023-06-28 02:15:00
Design/Logic Flaw
2023-06-28 02:15:00
jvn
jvn
JVN#38343415: Multiple vulnerabilities in Aterm series
2023-06-27 00:00:00
cve
cve
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.1 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.0%
Related for CVE-2023-3332