4.3
CVE-2023-3330
- EPSS 0.09%
- Published 28.06.2023 02:15:49
- Last modified 21.11.2024 08:17:01
- Source psirt-info@cyber.jp.nec.com
- Teams watchlist Login
- Open Login
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.
Data is provided by the National Vulnerability Database (NVD)
Nec ≫ Aterm Wf300hp Firmware Version-
Nec ≫ Aterm Wg1400hp Firmware Version-
Nec ≫ Aterm Wg1800hp Firmware Version-
Nec ≫ Aterm Wg1800hp2 Firmware Version-
Nec ≫ Aterm Wg2200hp Firmware Version-
Nec ≫ Aterm Wg2600hp Firmware Version-
Nec ≫ Aterm Wg2600hp2 Firmware Version-
Nec ≫ Aterm Wg300hp Firmware Version-
Nec ≫ Aterm Wg600hp Firmware Version-
Nec ≫ Aterm Wr8600n Firmware Version-
Nec ≫ Aterm Wr8700n Firmware Version-
Nec ≫ Aterm Wr8750n Firmware Version-
Nec ≫ Aterm Wr9300n Firmware Version-
Nec ≫ Aterm Wr9500n Firmware Version-
Nec ≫ Aterm Wr8170n Firmware Version-
Nec ≫ Aterm Wr8175n Firmware Version-
Nec ≫ Aterm Wr8370n Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.268 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.