CVE-2018-16194 — OS Command Injection in Aterm Wf1200cr Firmware

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.6%

top 30.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Aterm Wf1200cr Firmware NEC Aterm Wg1200cr Firmware NEC Corporation Aterm Wf1200cr AND Aterm Wg1200cr

Timeline

PublishedJan 9

Latest updateMay 14

Description

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

▶NVDnec/aterm_wf1200cr_firmware1.1.1

▶NVDnec/aterm_wg1200cr_firmware1.0.1

▶CVEListV5nec_corporation/aterm_wf1200cr_and_aterm_wg1200cr(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)

🔴Vulnerability Details

GHSA

GHSA-rj9q-9jx8-7g8f: Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1↗2022-05-14

▶

CVEList

CVE-2018-16194: Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1↗2019-01-09

▶