CVE-2023-3333

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGH

EPSS

0.1%

top 72.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Corporation Aterm Wf300hp NEC Corporation Aterm Wg1400hp NEC Corporation Aterm Wg1800hp +14 more

Timeline

PublishedJun 28

Description

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages17 packages

▶CVEListV5nec_corporation/aterm_wg1800hp2all versions

▶CVEListV5nec_corporation/aterm_wg2600hp2all versions

▶CVEListV5nec_corporation/aterm_wf300hpall versions

▶CVEListV5nec_corporation/aterm_wg300hpall versions

▶CVEListV5nec_corporation/aterm_wg600hpall versions

🔴Vulnerability Details

GHSA

GHSA-4cvh-grfr-3h7q: Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to ex↗2023-06-28

▶

CVEList

CVE-2023-3333: Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1↗2023-06-28

▶

🕵️Threat Intelligence

Threat Intel

IronErn440

▶