CVE-2023-3331

CWE-22 — Path Traversal CWE-129 — Improper Array Index Validation4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 64.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Corporation Aterm Wf300hp NEC Corporation Aterm Wg1400hp NEC Corporation Aterm Wg1800hp +14 more

Timeline

PublishedJun 28

Description

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete specific files in the product.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages17 packages

▶CVEListV5nec_corporation/aterm_wg1800hp2all versions

▶CVEListV5nec_corporation/aterm_wg2600hp2all versions

▶CVEListV5nec_corporation/aterm_wf300hpall versions

▶CVEListV5nec_corporation/aterm_wg300hpall versions

▶CVEListV5nec_corporation/aterm_wg600hpall versions

🔴Vulnerability Details

CVEList

CVE-2023-3331: Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1↗2023-06-28

▶

GHSA

GHSA-rwv8-j25h-rxjw: Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to delete↗2023-06-28

▶