5.4
CVE-2023-3331
- EPSS 0.11%
- Veröffentlicht 28.06.2023 02:15:49
- Zuletzt bearbeitet 21.11.2024 08:17:01
- Quelle psirt-info@cyber.jp.nec.com
- Teams Watchlist Login
- Unerledigt Login
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete specific files in the product.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nec ≫ Aterm Wf300hp Firmware Version-
Nec ≫ Aterm Wg1400hp Firmware Version-
Nec ≫ Aterm Wg1800hp Firmware Version-
Nec ≫ Aterm Wg1800hp2 Firmware Version-
Nec ≫ Aterm Wg2200hp Firmware Version-
Nec ≫ Aterm Wg2600hp Firmware Version-
Nec ≫ Aterm Wg2600hp2 Firmware Version-
Nec ≫ Aterm Wg300hp Firmware Version-
Nec ≫ Aterm Wg600hp Firmware Version-
Nec ≫ Aterm Wr8600n Firmware Version-
Nec ≫ Aterm Wr8700n Firmware Version-
Nec ≫ Aterm Wr8750n Firmware Version-
Nec ≫ Aterm Wr9300n Firmware Version-
Nec ≫ Aterm Wr9500n Firmware Version-
Nec ≫ Aterm Wr8170n Firmware Version-
Nec ≫ Aterm Wr8175n Firmware Version-
Nec ≫ Aterm Wr8370n Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.308 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.