CVE-2018-16193 — Cross-site Scripting in Aterm Wf1200cr Firmware

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 47.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Aterm Wf1200cr Firmware NEC Aterm Wg1200cr Firmware NEC Corporation Aterm Wf1200cr AND Aterm Wg1200cr

Timeline

PublishedJan 9

Latest updateMay 14

Description

Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDnec/aterm_wf1200cr_firmware1.1.1

▶NVDnec/aterm_wg1200cr_firmware1.0.1

▶CVEListV5nec_corporation/aterm_wf1200cr_and_aterm_wg1200cr(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)

🔴Vulnerability Details

GHSA

GHSA-hj7j-wp8f-6pq3: Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1↗2022-05-14

▶

CVEList

CVE-2018-16193: Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1↗2019-01-09

▶