CVE-2021-20680

EPSS 0.35%
Published 26.04.2021 01:15:07
Last modified 21.11.2024 05:46:59
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions Aterm WG1200HP firmware all versions Aterm WF800HP firmware all versions Aterm WF300HP2 firmware all versions Aterm WR8165N firmware all versions Aterm W500P firmware all versions, and Aterm W300P firmware all versions) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Nec ≫ Aterm Wg1900hp2 Firmware Version <= 1.3.1

Nec ≫ Aterm Wg1900hp2 Version-

Nec ≫ Aterm Wg1900hp Firmware Version <= 2.5.1

Nec ≫ Aterm Wg1900hp Version-

Nec ≫ Aterm Wg1800hp4 Firmware Version <= 1.3.1

Nec ≫ Aterm Wg1800hp4 Version-

Nec ≫ Aterm Wg1800hp3 Firmware Version <= 1.5.1

Nec ≫ Aterm Wg1800hp3 Version-

Nec ≫ Aterm Wg1200hs3 Firmware Version <= 1.1.2

Nec ≫ Aterm Wg1200hs3 Version-

Nec ≫ Aterm Wg1200hs2 Firmware Version <= 2.5.0

Nec ≫ Aterm Wg1200hs2 Version-

Nec ≫ Aterm Wg1200hp3 Firmware Version <= 1.3.1

Nec ≫ Aterm Wg1200hp3 Version-

Nec ≫ Aterm Wg1200hp2 Firmware Version <= 2.5.0

Nec ≫ Aterm Wg1200hp2 Version-

Nec ≫ Aterm W1200ex Firmware Version <= 1.3.1

Nec ≫ Aterm W1200ex Version-

Nec ≫ Aterm W1200ex-ms Firmware Version <= 1.3.1

Nec ≫ Aterm W1200ex-ms Version-

Nec ≫ Aterm Wg1200hs Firmware

Nec ≫ Aterm Wg1200hs Version-

Nec ≫ Aterm Wg1200hp Firmware

Nec ≫ Aterm Wg1200hp Version-

Nec ≫ Aterm Wf800hp Firmware

Nec ≫ Aterm Wf800hp Version-

Nec ≫ Aterm Wf300hp2 Firmware

Nec ≫ Aterm Wf300hp2 Version-

Nec ≫ Aterm Wr8165n Firmware

Nec ≫ Aterm Wr8165n Version-

Nec ≫ Aterm W500p Firmware

Nec ≫ Aterm W500p Version-

Nec ≫ Aterm W300p Firmware

Nec ≫ Aterm W300p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.542

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://jpn.nec.com/security-info/secinfo/nv21-008.html

Vendor Advisory

https://jvn.jp/en/jp/JVN67456944/index.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-20680

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20680

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20680

EUVD