CVE-2021-20708

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.2HIGH

EPSS

0.7%

top 28.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Aterm Wf1200cr Firmware NEC Aterm Wg1200cr Firmware NEC Aterm Wg2600hs Firmware +1 more

Timeline

PublishedApr 26

Latest updateMay 24

Description

NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

▶NVDnec/aterm_wf1200cr_firmware1.3.2

▶NVDnec/aterm_wg1200cr_firmware1.3.3

▶NVDnec/aterm_wg2600hs_firmware1.5.1

▶CVEListV5nec_corporation/nec_aterm_devicesAterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier

🔴Vulnerability Details

GHSA

GHSA-w32w-5vr5-g3ph: NEC Aterm devices (Aterm WF1200CR firmware Ver1↗2022-05-24

▶

CVEList

CVE-2021-20708: NEC Aterm devices (Aterm WF1200CR firmware Ver1↗2021-04-26

▶