CVE-2021-20680

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 42.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Aterm W1200ex-ms Firmware NEC Aterm W1200ex Firmware NEC Aterm Wg1200hp2 Firmware +8 more

Timeline

PublishedApr 26

Latest updateMay 24

Description

Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200H…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages11 packages

▶NVDnec/aterm_w1200ex_firmware1.3.1

▶NVDnec/aterm_wg1200hp2_firmware2.5.0

▶NVDnec/aterm_wg1200hp3_firmware1.3.1

▶NVDnec/aterm_wg1200hs2_firmware2.5.0

▶NVDnec/aterm_wg1900hp2_firmware1.3.1

🔴Vulnerability Details

GHSA

GHSA-qrw9-9x9v-8v9p: Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver↗2022-05-24

▶

CVEList

CVE-2021-20680: Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver↗2021-04-26

▶