CVE-2021-20711OS Command Injection in Aterm Wg2600hs Firmware

CWE-78OS Command Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 29.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
NEC Aterm Wg2600hs FirmwareNEC Corporation Aterm Wg2600hs
Timeline
PublishedApr 26
Latest updateMay 24

Description

Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5nec_corporation/aterm_wg2600hsfirmware Ver1.5.1 and earlier

🔴Vulnerability Details

2
GHSA
GHSA-p4fr-76vx-7r7v: Aterm WG2600HS firmware Ver12022-05-24
CVEList
CVE-2021-20711: Aterm WG2600HS firmware Ver12021-04-26
CVE-2021-20711 — OS Command Injection | cvebase