CVE-2021-20709

CWE-3543 documents3 sources

Severity

7.2HIGH

EPSS

0.3%

top 51.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Aterm Wf1200cr Firmware NEC Aterm Wg1200cr Firmware NEC Aterm Wg2600hs Firmware +1 more

Timeline

PublishedApr 26

Latest updateMay 24

Description

Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

▶NVDnec/aterm_wf1200cr_firmware1.3.2

▶NVDnec/aterm_wg1200cr_firmware1.3.3

▶NVDnec/aterm_wg2600hs_firmware1.5.1

▶CVEListV5nec_corporation/nec_aterm_devicesAterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier

🔴Vulnerability Details

GHSA

GHSA-fr48-wfw6-fwg7: Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1↗2022-05-24

▶

CVEList

CVE-2021-20709: Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1↗2021-04-26

▶