CVE-2021-20680

Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions Aterm WG1200HP firmware all versions Aterm WF800HP firmware all versions Aterm WF300HP2 firmware all versions Aterm WR8165N firmware all versions Aterm W500P firmware all versions, and Aterm W300P firmware all versions) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://jpn.nec.com/security-info/secinfo/nv21-008.html	Vendor Advisory
https://jvn.jp/en/jp/JVN67456944/index.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nec:aterm_wg1900hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1900hp2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:nec:aterm_wg1900hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1900hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:nec:aterm_wg1800hp4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1800hp4:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:nec:aterm_wg1800hp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:nec:aterm_wg1200hs3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hs3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:nec:aterm_wg1200hs2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hs2:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:nec:aterm_wg1200hp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hp3:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:nec:aterm_wg1200hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hp2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:nec:aterm_w1200ex_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_w1200ex:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_w1200ex-ms:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:nec:aterm_wg1200hs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hs:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:nec:aterm_wg1200hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1200hp:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:nec:aterm_wf800hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wf800hp:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:nec:aterm_wf300hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wf300hp2:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:nec:aterm_wr8165n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8165n:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:nec:aterm_w500p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_w500p:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:nec:aterm_w300p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_w300p:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-04-26 01:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-20680

Mitre link : CVE-2021-20680

CVE.ORG link : CVE-2021-20680

JSON object : View

Products Affected

nec

aterm_w500p
aterm_wg1200hs3_firmware
aterm_w1200ex
aterm_wg1900hp_firmware
aterm_wg1200hp2_firmware
aterm_wg1200hp3
aterm_wg1900hp
aterm_wg1200hs3
aterm_w1200ex_firmware
aterm_wg1200hp_firmware
aterm_wg1200hp
aterm_wg1200hp2
aterm_wg1800hp4_firmware
aterm_wg1200hp3_firmware
aterm_wr8165n
aterm_wg1200hs2_firmware
aterm_wg1900hp2
aterm_w500p_firmware
aterm_w300p
aterm_wg1200hs2
aterm_wr8165n_firmware
aterm_wf300hp2_firmware
aterm_wg1800hp3
aterm_w1200ex-ms_firmware
aterm_w300p_firmware
aterm_wg1800hp3_firmware
aterm_wg1800hp4
aterm_wg1200hs_firmware
aterm_wg1200hs
aterm_wf800hp_firmware
aterm_wg1900hp2_firmware
aterm_wf300hp2
aterm_wf800hp
aterm_w1200ex-ms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-20680

6.1^/10

4.3^/10

Attach tags to `CVE-2021-20680`