Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for aterm_wg1200cr_firmware by nec

    CVE-2026-4622 (GCVE-0-2026-4622)

    Vulnerability from nvd – Published: 2026-03-27 11:53 – Updated: 2026-04-10 04:14
    VLAI
    Summary
    OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    NEC
    Credits
    Chuya Hayakawa of Zero Zero One Co., Ltd.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4622",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T12:50:35.148912Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T12:53:16.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.7.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WF1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HM4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3000HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 2.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3000HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GB1200PE",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Chuya Hayakawa of Zero Zero One Co., Ltd."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network."
                }
              ],
              "value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T04:14:44.673Z",
            "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
            "shortName": "NEC"
          },
          "references": [
            {
              "url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "assignerShortName": "NEC",
        "cveId": "CVE-2026-4622",
        "datePublished": "2026-03-27T11:53:12.245Z",
        "dateReserved": "2026-03-23T06:04:49.866Z",
        "dateUpdated": "2026-04-10T04:14:44.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4621 (GCVE-0-2026-4621)

    Vulnerability from nvd – Published: 2026-03-27 11:52 – Updated: 2026-04-10 04:13
    VLAI
    Summary
    Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NEC
    Impacted products
    Vendor Product Version
    NEC Platforms, Ltd. Aterm W1200EX(-MS) Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1900HP Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1800HP3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1900HP2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1800HP4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX1500HP Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HS Affected: Before Ver. 1.7.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WF1200CR Affected: Before Ver. 1.6.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200CR Affected: Before Ver. 1.5.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HP4 Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HM4 Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HS2 Affected: Before Ver. 1.3.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX3000HP Affected: Before Ver. 2.5.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX3000HP2 Affected: Before Ver. 1.3.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX3600HP Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GX1200HP Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GX1200HS4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200DM4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GB1200PE Affected: Before Ver. 1.3.1
    Create a notification for this product.
    Credits
    Chuya Hayakawa of Zero Zero One Co., Ltd.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4621",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T12:57:21.304368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T12:57:32.214Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Aterm W1200EX(-MS)",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1900HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1800HP3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1900HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1800HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX1500HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.7.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WF1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HM4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3000HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 2.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3000HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3600HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GX1200HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GX1200HS4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200DM4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GB1200PE",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Chuya Hayakawa of Zero Zero One Co., Ltd."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network."
                }
              ],
              "value": "Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-912",
                  "description": "CWE-912: Hidden Functionality",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T04:13:59.147Z",
            "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
            "shortName": "NEC"
          },
          "references": [
            {
              "url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "assignerShortName": "NEC",
        "cveId": "CVE-2026-4621",
        "datePublished": "2026-03-27T11:52:48.222Z",
        "dateReserved": "2026-03-23T06:04:48.670Z",
        "dateUpdated": "2026-04-10T04:13:59.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4309 (GCVE-0-2026-4309)

    Vulnerability from nvd – Published: 2026-03-27 11:46 – Updated: 2026-04-10 04:10
    VLAI
    Summary
    Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NEC
    Impacted products
    Vendor Product Version
    NEC Platforms, Ltd. Aterm W1200EX(-MS) Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1900HP Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1800HP3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1900HP2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1800HP4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX1500HP Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HS Affected: Before Ver. 1.7.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WF1200CR Affected: Before Ver. 1.6.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200CR Affected: Before Ver. 1.5.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HP4 Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HM4 Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HS2 Affected: Before Ver. 1.3.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX3000HP Affected: Before Ver. 2.5.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX3600HP Affected: Before Ver. 1.5.3
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GX1200HP Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GX1200HS4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200DM4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GB1200PE Affected: Before Ver. 1.3.1
    Create a notification for this product.
    Credits
    Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T12:00:30.434329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T12:15:32.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Aterm W1200EX(-MS)",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1900HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1800HP3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1900HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1800HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX1500HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.7.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WF1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HM4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3000HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 2.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3600HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.5.3"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GX1200HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GX1200HS4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200DM4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GB1200PE",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
                }
              ],
              "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T04:10:43.726Z",
            "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
            "shortName": "NEC"
          },
          "references": [
            {
              "url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "assignerShortName": "NEC",
        "cveId": "CVE-2026-4309",
        "datePublished": "2026-03-27T11:46:26.310Z",
        "dateReserved": "2026-03-17T01:53:09.153Z",
        "dateUpdated": "2026-04-10T04:10:43.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-20709 (GCVE-0-2021-20709)

    Vulnerability from nvd – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL.
    Severity
    No CVSS data available.
    CWE
    • Improper Validation of Integrity Check Value
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation NEC Aterm devices Affected: Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:21.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NEC Aterm devices",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Integrity Check Value",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-26T00:20:44.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20709",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NEC Aterm devices",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Integrity Check Value"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv21-010.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN29739718/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20709",
        "datePublished": "2021-04-26T00:20:44.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:21.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20708 (GCVE-0-2021-20708)

    Vulnerability from nvd – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation NEC Aterm devices Affected: Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:21.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NEC Aterm devices",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-26T00:20:43.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20708",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NEC Aterm devices",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv21-010.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN29739718/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20708",
        "datePublished": "2021-04-26T00:20:44.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:21.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5525 (GCVE-0-2020-5525)

    Vulnerability from nvd – Published: 2020-02-21 09:15 – Updated: 2024-08-04 08:30
    VLAI
    Summary
    Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm series Affected: Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm series",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-21T09:15:19.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5525",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm series",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN49410695/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv20-003.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5525",
        "datePublished": "2020-02-21T09:15:19.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:30:24.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5524 (GCVE-0-2020-5524)

    Vulnerability from nvd – Published: 2020-02-21 09:15 – Updated: 2024-08-04 08:30
    VLAI
    Summary
    Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm series Affected: Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.503Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm series",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-21T09:15:19.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5524",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm series",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN49410695/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv20-003.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5524",
        "datePublished": "2020-02-21T09:15:19.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:30:24.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16195 (GCVE-0-2018-16195)

    Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WF1200CR and Aterm WG1200CR Affected: (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#87535892",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WF1200CR and Aterm WG1200CR",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#87535892",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-16195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WF1200CR and Aterm WG1200CR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#87535892",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-16195",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2018-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16194 (GCVE-0-2018-16194)

    Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WF1200CR and Aterm WG1200CR Affected: (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.393Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#87535892",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WF1200CR and Aterm WG1200CR",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#87535892",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-16194",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WF1200CR and Aterm WG1200CR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#87535892",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-16194",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2018-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16193 (GCVE-0-2018-16193)

    Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WF1200CR and Aterm WG1200CR Affected: (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#87535892",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WF1200CR and Aterm WG1200CR",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#87535892",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-16193",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WF1200CR and Aterm WG1200CR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#87535892",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-16193",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2018-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16192 (GCVE-0-2018-16192)

    Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WF1200CR and Aterm WG1200CR Affected: (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#87535892",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WF1200CR and Aterm WG1200CR",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#87535892",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-16192",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WF1200CR and Aterm WG1200CR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#87535892",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-16192",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2018-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-4622 (GCVE-0-2026-4622)

    Vulnerability from cvelistv5 – Published: 2026-03-27 11:53 – Updated: 2026-04-10 04:14
    VLAI
    Summary
    OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    NEC
    Credits
    Chuya Hayakawa of Zero Zero One Co., Ltd.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4622",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T12:50:35.148912Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T12:53:16.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.7.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WF1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HM4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3000HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 2.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3000HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GB1200PE",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Chuya Hayakawa of Zero Zero One Co., Ltd."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network."
                }
              ],
              "value": "OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T04:14:44.673Z",
            "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
            "shortName": "NEC"
          },
          "references": [
            {
              "url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "assignerShortName": "NEC",
        "cveId": "CVE-2026-4622",
        "datePublished": "2026-03-27T11:53:12.245Z",
        "dateReserved": "2026-03-23T06:04:49.866Z",
        "dateUpdated": "2026-04-10T04:14:44.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4621 (GCVE-0-2026-4621)

    Vulnerability from cvelistv5 – Published: 2026-03-27 11:52 – Updated: 2026-04-10 04:13
    VLAI
    Summary
    Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NEC
    Impacted products
    Vendor Product Version
    NEC Platforms, Ltd. Aterm W1200EX(-MS) Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1900HP Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1800HP3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1900HP2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1800HP4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX1500HP Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HS Affected: Before Ver. 1.7.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WF1200CR Affected: Before Ver. 1.6.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200CR Affected: Before Ver. 1.5.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HP4 Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HM4 Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HS2 Affected: Before Ver. 1.3.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX3000HP Affected: Before Ver. 2.5.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX3000HP2 Affected: Before Ver. 1.3.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX3600HP Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GX1200HP Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GX1200HS4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200DM4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GB1200PE Affected: Before Ver. 1.3.1
    Create a notification for this product.
    Credits
    Chuya Hayakawa of Zero Zero One Co., Ltd.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4621",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T12:57:21.304368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T12:57:32.214Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Aterm W1200EX(-MS)",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1900HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1800HP3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1900HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1800HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX1500HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.7.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WF1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HM4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3000HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 2.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3000HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3600HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GX1200HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GX1200HS4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200DM4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GB1200PE",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Chuya Hayakawa of Zero Zero One Co., Ltd."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network."
                }
              ],
              "value": "Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-912",
                  "description": "CWE-912: Hidden Functionality",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T04:13:59.147Z",
            "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
            "shortName": "NEC"
          },
          "references": [
            {
              "url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "assignerShortName": "NEC",
        "cveId": "CVE-2026-4621",
        "datePublished": "2026-03-27T11:52:48.222Z",
        "dateReserved": "2026-03-23T06:04:48.670Z",
        "dateUpdated": "2026-04-10T04:13:59.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4309 (GCVE-0-2026-4309)

    Vulnerability from cvelistv5 – Published: 2026-03-27 11:46 – Updated: 2026-04-10 04:10
    VLAI
    Summary
    Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    NEC
    Impacted products
    Vendor Product Version
    NEC Platforms, Ltd. Aterm W1200EX(-MS) Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1900HP Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1800HP3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1900HP2 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS3 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1800HP4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HP4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200HS4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX1500HP Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HS Affected: Before Ver. 1.7.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WF1200CR Affected: Before Ver. 1.6.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200CR Affected: Before Ver. 1.5.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HP4 Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HM4 Affected: Before Ver. 1.4.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG2600HS2 Affected: Before Ver. 1.3.2
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX3000HP Affected: Before Ver. 2.5.0
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WX3600HP Affected: Before Ver. 1.5.3
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GX1200HP Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GX1200HS4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm WG1200DM4 Affected: All versions
    Create a notification for this product.
    NEC Platforms, Ltd. Aterm GB1200PE Affected: Before Ver. 1.3.1
    Create a notification for this product.
    Credits
    Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-27T12:00:30.434329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-27T12:15:32.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Aterm W1200EX(-MS)",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1900HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1800HP3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1900HP2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS3",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1800HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200HS4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX1500HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.7.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WF1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.6.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200CR",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HP4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HM4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.4.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG2600HS2",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3000HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 2.5.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WX3600HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.5.3"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GX1200HP",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GX1200HS4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm WG1200DM4",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Aterm GB1200PE",
              "vendor": "NEC Platforms, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Before Ver. 1.3.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
                }
              ],
              "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T04:10:43.726Z",
            "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
            "shortName": "NEC"
          },
          "references": [
            {
              "url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "assignerShortName": "NEC",
        "cveId": "CVE-2026-4309",
        "datePublished": "2026-03-27T11:46:26.310Z",
        "dateReserved": "2026-03-17T01:53:09.153Z",
        "dateUpdated": "2026-04-10T04:10:43.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-20708 (GCVE-0-2021-20708)

    Vulnerability from cvelistv5 – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation NEC Aterm devices Affected: Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:21.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NEC Aterm devices",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-26T00:20:43.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20708",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NEC Aterm devices",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv21-010.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN29739718/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20708",
        "datePublished": "2021-04-26T00:20:44.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:21.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20709 (GCVE-0-2021-20709)

    Vulnerability from cvelistv5 – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL.
    Severity
    No CVSS data available.
    CWE
    • Improper Validation of Integrity Check Value
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation NEC Aterm devices Affected: Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:21.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NEC Aterm devices",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Integrity Check Value",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-26T00:20:44.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20709",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NEC Aterm devices",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Integrity Check Value"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv21-010.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN29739718/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN29739718/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20709",
        "datePublished": "2021-04-26T00:20:44.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:21.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5524 (GCVE-0-2020-5524)

    Vulnerability from cvelistv5 – Published: 2020-02-21 09:15 – Updated: 2024-08-04 08:30
    VLAI
    Summary
    Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm series Affected: Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.503Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm series",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-21T09:15:19.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5524",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm series",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN49410695/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv20-003.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5524",
        "datePublished": "2020-02-21T09:15:19.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:30:24.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5525 (GCVE-0-2020-5525)

    Vulnerability from cvelistv5 – Published: 2020-02-21 09:15 – Updated: 2024-08-04 08:30
    VLAI
    Summary
    Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm series Affected: Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:24.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm series",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-21T09:15:19.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5525",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm series",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN49410695/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN49410695/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv20-003.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv20-003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5525",
        "datePublished": "2020-02-21T09:15:19.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:30:24.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16195 (GCVE-0-2018-16195)

    Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WF1200CR and Aterm WG1200CR Affected: (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#87535892",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WF1200CR and Aterm WG1200CR",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#87535892",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-16195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WF1200CR and Aterm WG1200CR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#87535892",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-16195",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2018-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16194 (GCVE-0-2018-16194)

    Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WF1200CR and Aterm WG1200CR Affected: (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.393Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#87535892",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WF1200CR and Aterm WG1200CR",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#87535892",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-16194",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WF1200CR and Aterm WG1200CR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#87535892",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-16194",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2018-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16192 (GCVE-0-2018-16192)

    Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WF1200CR and Aterm WG1200CR Affected: (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#87535892",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WF1200CR and Aterm WG1200CR",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#87535892",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-16192",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WF1200CR and Aterm WG1200CR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#87535892",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-16192",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2018-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16193 (GCVE-0-2018-16193)

    Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
    VLAI
    Summary
    Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WF1200CR and Aterm WG1200CR Affected: (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)
    Create a notification for this product.
    Date Public
    2019-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:17:38.355Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#87535892",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WF1200CR and Aterm WG1200CR",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                }
              ]
            }
          ],
          "datePublic": "2019-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T21:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#87535892",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-16193",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WF1200CR and Aterm WG1200CR",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#87535892",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-16193",
        "datePublished": "2019-01-09T22:00:00.000Z",
        "dateReserved": "2018-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:17:38.355Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }