7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.6%
Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below.
Directory traversal (CWE-22) - CVE-2023-3330
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 2.6 |
CVSS v2 | AV:A/AC:M/Au:S/C:P/I:N/A:N | Base Score: 2.3 |
Directory traversal (CWE-22) - CVE-2023-3331
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 2.6 |
CVSS v2 | AV:A/AC:M/Au:S/C:N/I:P/A:N | Base Score: 2.3 |
Stored cross-site scripting (CWE-79) - CVE-2023-3332
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:A/AC:M/Au:S/C:N/I:P/A:N | Base Score: 2.3 |
OS command injection (CWE-78) - CVE-2023-3333
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 6.8 |
CVSS v2 | A/AC:L/Au:S/C:C/I:C/A:C | Base Score: 7.7 |
Stop using the products
The affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.
Apply a workaround
The developer states there is no plan to provide firmware updates for the affected products, therefore recommends users to apply workarounds to mitigate the impacts of the vulnerabilities before switching to alternatives.
For details, refer to the information provided by the developer.
All versions of following Aterm series are affected by the vulnerabilities.