CVE-2023-3332

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 75.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Corporation Aterm Wf300hp NEC Corporation Aterm Wg1400hp NEC Corporation Aterm Wg1800hp +14 more

Timeline

PublishedJun 28

Description

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages17 packages

▶CVEListV5nec_corporation/aterm_wg1800hp2all versions

▶CVEListV5nec_corporation/aterm_wg2600hp2all versions

▶CVEListV5nec_corporation/aterm_wf300hpall versions

▶CVEListV5nec_corporation/aterm_wg300hpall versions

▶CVEListV5nec_corporation/aterm_wg600hpall versions

🔴Vulnerability Details

CVEList

CVE-2023-3332: Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1↗2023-06-28

▶

GHSA

GHSA-375r-f934-jp9v: Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to execute↗2023-06-28

▶