Lucene search

[email protected]NVD:CVE-2023-3330

HistoryJun 28, 2023 - 2:15 a.m.

CVE-2023-3330

2023-06-2802:15:49

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-3330

nec corporation

pathname restriction

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

19.1%

JSON

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.

Affected configurations

Nvd

Node

necaterm_wf300hp_firmwareMatch-

AND

necaterm_wf300hpMatch-

Node

necaterm_wg1400hp_firmwareMatch-

AND

necaterm_wg1400hpMatch-

Node

necaterm_wg1800hp_firmwareMatch-

AND

necaterm_wg1800hpMatch-

Node

necaterm_wg1800hp2_firmwareMatch-

AND

necaterm_wg1800hp2Match-

Node

necaterm_wg2200hp_firmwareMatch-

AND

necaterm_wg2200hpMatch-

Node

necaterm_wg2600hp_firmwareMatch-

AND

necaterm_wg2600hpMatch-

Node

necaterm_wg2600hp2_firmwareMatch-

AND

necaterm_wg2600hp2Match-

Node

necaterm_wg300hp_firmwareMatch-

AND

necaterm_wg300hpMatch-

Node

necaterm_wg600hp_firmwareMatch-

AND

necaterm_wg600hpMatch-

Node

necaterm_wr8600n_firmwareMatch-

AND

necaterm_wr8600nMatch-

Node

necaterm_wr8700n_firmwareMatch-

AND

necaterm_wr8700nMatch-

Node

necaterm_wr8750n_firmwareMatch-

AND

necaterm_wr8750nMatch-

Node

necaterm_wr9300n_firmwareMatch-

AND

necaterm_wr9300nMatch-

Node

necaterm_wr9500n_firmwareMatch-

AND

necaterm_wr9500nMatch-

Node

necaterm_wr8170n_firmwareMatch-

AND

necaterm_wr8170nMatch-

Node

necaterm_wr8175n_firmwareMatch-

AND

necaterm_wr8175nMatch-

Node

necaterm_wr8370n_firmwareMatch-

AND

necaterm_wr8370nMatch-

VendorProductVersionCPE
necaterm_wf300hp_firmware-cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
necaterm_wf300hp-cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*
necaterm_wg1400hp_firmware-cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
necaterm_wg1400hp-cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*
necaterm_wg1800hp_firmware-cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
necaterm_wg1800hp-cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*
necaterm_wg1800hp2_firmware-cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
necaterm_wg1800hp2-cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*
necaterm_wg2200hp_firmware-cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
necaterm_wg2200hp-cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nec	aterm_wf300hp_firmware	-	cpe:2.3:o:nec:aterm_wf300hp_firmware:-:::::::*
nec	aterm_wf300hp	-	cpe:2.3:h:nec:aterm_wf300hp:-:::::::*
nec	aterm_wg1400hp_firmware	-	cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:::::::*
nec	aterm_wg1400hp	-	cpe:2.3:h:nec:aterm_wg1400hp:-:::::::*
nec	aterm_wg1800hp_firmware	-	cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:::::::*
nec	aterm_wg1800hp	-	cpe:2.3:h:nec:aterm_wg1800hp:-:::::::*
nec	aterm_wg1800hp2_firmware	-	cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:::::::*
nec	aterm_wg1800hp2	-	cpe:2.3:h:nec:aterm_wg1800hp2:-:::::::*
nec	aterm_wg2200hp_firmware	-	cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:::::::*
nec	aterm_wg2200hp	-	cpe:2.3:h:nec:aterm_wg2200hp:-:::::::*

Rows per page:

1-10 of 341

References

jpn.nec.com/security-info/secinfo/nv23-007_en.html

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

19.1%

JSON

Related for NVD:CVE-2023-3330

prion3 cve3 cvelist3 nvd2 jvn1