Japan Vulnerability NotesJVN:29739718JVN#29739718: Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
64.8%
Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below.
Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS
OS Command Injection (CWE-78) - CVE-2021-20708
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 6.8 |
| CVSS v2 | AV:A/AC:L/Au:S/C:P/I:P/A:P | Base Score: 5.2 |
Improper Validation of Integrity Check Value (CWE-354) - CVE-2021-20709
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 6.8 |
| CVSS v2 | AV:A/AC:L/Au:S/C:P/I:P/A:P | Base Score: 5.2 |
Aterm WG2600HS****Cross-site Scripting (CWE-79) - CVE-2021-20710
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
| CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
OS Command Injection (CWE-78) - CVE-2021-20711
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/ | Base Score: 8.8 |
| CVSS v2 | AV:A/AC:L/Au:N/C:C/I:C/A:C | Base Score: 8.3 |
Aterm WG2600HS, and WX3000HP****Improper Access Control (CWE-284) - CVE-2021-20712
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3 |
| CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Base Score: 5.0 |
Impact
- If an attacker who can access the device sends a specially crafted request to a specific URL, an arbitrary command may be executed - CVE-2021-20708
- If a user sends a specially crafted request to a specific URL while logging into the management screen of the device, an arbitrary command may be executed - CVE-2021-20709
- An arbitrary script may be executed on the user’s web browser - CVE-2021-20710
- An attacker who can access the management screen of the device may execute an arbitrary command - CVE-2021-20711
- Because of the defect in the IPv6 firewall function, devices connected to the LAN side may be accessed from the WAN side etc - CVE-2021-20712
Solution
Update the firmware
Apply the appropriate firmware update according to the information provided by the developer.
Products Affected
- Aterm WF1200CR firmware Ver1.3.2 and earlier
- Aterm WG1200CR firmware Ver1.3.3 and earlier
- Aterm WG2600HS firmware Ver1.5.1 and earlier
- Aterm WX3000HP firmware Ver1.1.2 and earlier
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
64.8%