CVE-2018-16195 — OS Command Injection in Aterm Wf1200cr Firmware

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 45.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Aterm Wf1200cr Firmware NEC Aterm Wg1200cr Firmware NEC Corporation Aterm Wf1200cr AND Aterm Wg1200cr

Timeline

PublishedJan 9

Latest updateMay 14

Description

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDnec/aterm_wf1200cr_firmware1.1.1

▶NVDnec/aterm_wg1200cr_firmware1.0.1

▶CVEListV5nec_corporation/aterm_wf1200cr_and_aterm_wg1200cr(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)

🔴Vulnerability Details

GHSA

GHSA-jh4x-vxv6-xj4j: Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1↗2022-05-14

▶

CVEList

CVE-2018-16195: Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1↗2019-01-09

▶