Lucene search

JpcertCVE-2021-20680

HistoryApr 26, 2021 - 1:15 a.m.

CVE-2021-20680

2021-04-2601:15:07

CWE-79

jpcert

web.nvd.nist.gov

cve-2021-20680

cross-site scripting

nec aterm

remote attackers

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

47.1%

JSON

Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions Aterm WG1200HP firmware all versions Aterm WF800HP firmware all versions Aterm WF300HP2 firmware all versions Aterm WR8165N firmware all versions Aterm W500P firmware all versions, and Aterm W300P firmware all versions) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Affected configurations

Nvd

Vulners

Node

necaterm_wg1900hp2_firmwareRange≤1.3.1

AND

necaterm_wg1900hp2Match-

Node

necaterm_wg1900hp_firmwareRange≤2.5.1

AND

necaterm_wg1900hpMatch-

Node

necaterm_wg1800hp4_firmwareRange≤1.3.1

AND

necaterm_wg1800hp4Match-

Node

necaterm_wg1800hp3_firmwareRange≤1.5.1

AND

necaterm_wg1800hp3Match-

Node

necaterm_wg1200hs3_firmwareRange≤1.1.2

AND

necaterm_wg1200hs3Match-

Node

necaterm_wg1200hs2_firmwareRange≤2.5.0

AND

necaterm_wg1200hs2Match-

Node

necaterm_wg1200hp3_firmwareRange≤1.3.1

AND

necaterm_wg1200hp3Match-

Node

necaterm_wg1200hp2_firmwareRange≤2.5.0

AND

necaterm_wg1200hp2Match-

Node

necaterm_w1200ex_firmwareRange≤1.3.1

AND

necaterm_w1200exMatch-

Node

necaterm_w1200ex-ms_firmwareRange≤1.3.1

AND

necaterm_w1200ex-msMatch-

Node

necaterm_wg1200hs_firmware

AND

necaterm_wg1200hsMatch-

Node

necaterm_wg1200hp_firmware

AND

necaterm_wg1200hpMatch-

Node

necaterm_wf800hp_firmware

AND

necaterm_wf800hpMatch-

Node

necaterm_wf300hp2_firmware

AND

necaterm_wf300hp2Match-

Node

necaterm_wr8165n_firmware

AND

necaterm_wr8165nMatch-

Node

necaterm_w500p_firmware

AND

necaterm_w500pMatch-

Node

necaterm_w300p_firmware

AND

necaterm_w300pMatch-

VendorProductVersionCPE
necaterm_wg1900hp2_firmware*cpe:2.3:o:nec:aterm_wg1900hp2_firmware:*:*:*:*:*:*:*:*
necaterm_wg1900hp2-cpe:2.3:h:nec:aterm_wg1900hp2:-:*:*:*:*:*:*:*
necaterm_wg1900hp_firmware*cpe:2.3:o:nec:aterm_wg1900hp_firmware:*:*:*:*:*:*:*:*
necaterm_wg1900hp-cpe:2.3:h:nec:aterm_wg1900hp:-:*:*:*:*:*:*:*
necaterm_wg1800hp4_firmware*cpe:2.3:o:nec:aterm_wg1800hp4_firmware:*:*:*:*:*:*:*:*
necaterm_wg1800hp4-cpe:2.3:h:nec:aterm_wg1800hp4:-:*:*:*:*:*:*:*
necaterm_wg1800hp3_firmware*cpe:2.3:o:nec:aterm_wg1800hp3_firmware:*:*:*:*:*:*:*:*
necaterm_wg1800hp3-cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*
necaterm_wg1200hs3_firmware*cpe:2.3:o:nec:aterm_wg1200hs3_firmware:*:*:*:*:*:*:*:*
necaterm_wg1200hs3-cpe:2.3:h:nec:aterm_wg1200hs3:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nec	aterm_wg1900hp2_firmware	*	cpe:2.3:o:nec:aterm_wg1900hp2_firmware::::::::
nec	aterm_wg1900hp2	-	cpe:2.3:h:nec:aterm_wg1900hp2:-:::::::*
nec	aterm_wg1900hp_firmware	*	cpe:2.3:o:nec:aterm_wg1900hp_firmware::::::::
nec	aterm_wg1900hp	-	cpe:2.3:h:nec:aterm_wg1900hp:-:::::::*
nec	aterm_wg1800hp4_firmware	*	cpe:2.3:o:nec:aterm_wg1800hp4_firmware::::::::
nec	aterm_wg1800hp4	-	cpe:2.3:h:nec:aterm_wg1800hp4:-:::::::*
nec	aterm_wg1800hp3_firmware	*	cpe:2.3:o:nec:aterm_wg1800hp3_firmware::::::::
nec	aterm_wg1800hp3	-	cpe:2.3:h:nec:aterm_wg1800hp3:-:::::::*
nec	aterm_wg1200hs3_firmware	*	cpe:2.3:o:nec:aterm_wg1200hs3_firmware::::::::
nec	aterm_wg1200hs3	-	cpe:2.3:h:nec:aterm_wg1200hs3:-:::::::*

Rows per page:

1-10 of 341

CNA Affected

[
  {
    "product": "NEC Aterm devices",
    "vendor": "NEC Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions Aterm WG1200HP firmware all versions Aterm WF800HP firmware all versions Aterm WF300HP2 firmware all versions Aterm WR8165N firmware all versions Aterm W500P firmware all versions, and  Aterm W300P firmware all versions"
      }
    ]
  }
]

References

jpn.nec.com/security-info/secinfo/nv21-008.html

jvn.jp/en/jp/JVN67456944/index.html

Social References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

47.1%

JSON

Related for CVE-2021-20680