Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for wg2600hp2_firmware by aterm

    CVE-2021-20622 (GCVE-0-2021-20622)

    Vulnerability from nvd – Published: 2021-01-28 10:00 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WG2600HP and Aterm WG2600HP2 Affected: Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.aterm.jp/support/tech/2019/0328.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WG2600HP and Aterm WG2600HP2",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-28T10:00:29.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.aterm.jp/support/tech/2019/0328.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20622",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WG2600HP and Aterm WG2600HP2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.aterm.jp/support/tech/2019/0328.html",
                  "refsource": "MISC",
                  "url": "https://www.aterm.jp/support/tech/2019/0328.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv21-005.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN38248512/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20622",
        "datePublished": "2021-01-28T10:00:29.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20621 (GCVE-0-2021-20621)

    Vulnerability from nvd – Published: 2021-01-28 10:00 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WG2600HP and Aterm WG2600HP2 Affected: Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.aterm.jp/support/tech/2019/0328.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WG2600HP and Aterm WG2600HP2",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-28T10:00:29.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.aterm.jp/support/tech/2019/0328.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20621",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WG2600HP and Aterm WG2600HP2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.aterm.jp/support/tech/2019/0328.html",
                  "refsource": "MISC",
                  "url": "https://www.aterm.jp/support/tech/2019/0328.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv21-005.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN38248512/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20621",
        "datePublished": "2021-01-28T10:00:29.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12575 (GCVE-0-2017-12575)

    Vulnerability from nvd – Published: 2018-08-24 19:00 – Updated: 2024-08-05 18:43
    VLAI
    Summary
    An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET").
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://seclists.org/fulldisclosure/2018/Aug/26 mailing-listx_refsource_FULLDISC
    http://jvn.jp/en/jp/JVN38248512/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:43:56.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20180821 CVE-2017-12575: information leakage in NEC Aterm WG2600HP2",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Aug/26"
              },
              {
                "name": "JVN#38248512",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN38248512/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don\u0027t require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d \"REQ_ID=SUPPORT_IF_GET\")."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-22T06:06:12.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20180821 CVE-2017-12575: information leakage in NEC Aterm WG2600HP2",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Aug/26"
            },
            {
              "name": "JVN#38248512",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN38248512/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-12575",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don\u0027t require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d \"REQ_ID=SUPPORT_IF_GET\")."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20180821 CVE-2017-12575: information leakage in NEC Aterm WG2600HP2",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Aug/26"
                },
                {
                  "name": "JVN#38248512",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN38248512/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-12575",
        "datePublished": "2018-08-24T19:00:00.000Z",
        "dateReserved": "2017-08-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:43:56.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20621 (GCVE-0-2021-20621)

    Vulnerability from cvelistv5 – Published: 2021-01-28 10:00 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WG2600HP and Aterm WG2600HP2 Affected: Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.aterm.jp/support/tech/2019/0328.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WG2600HP and Aterm WG2600HP2",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-28T10:00:29.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.aterm.jp/support/tech/2019/0328.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20621",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WG2600HP and Aterm WG2600HP2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.aterm.jp/support/tech/2019/0328.html",
                  "refsource": "MISC",
                  "url": "https://www.aterm.jp/support/tech/2019/0328.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv21-005.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN38248512/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20621",
        "datePublished": "2021-01-28T10:00:29.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20622 (GCVE-0-2021-20622)

    Vulnerability from cvelistv5 – Published: 2021-01-28 10:00 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    Impacted products
    Vendor Product Version
    NEC Corporation Aterm WG2600HP and Aterm WG2600HP2 Affected: Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.aterm.jp/support/tech/2019/0328.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Aterm WG2600HP and Aterm WG2600HP2",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-28T10:00:29.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.aterm.jp/support/tech/2019/0328.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20622",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Aterm WG2600HP and Aterm WG2600HP2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NEC Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.aterm.jp/support/tech/2019/0328.html",
                  "refsource": "MISC",
                  "url": "https://www.aterm.jp/support/tech/2019/0328.html"
                },
                {
                  "name": "https://jpn.nec.com/security-info/secinfo/nv21-005.html",
                  "refsource": "MISC",
                  "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN38248512/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN38248512/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20622",
        "datePublished": "2021-01-28T10:00:29.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12575 (GCVE-0-2017-12575)

    Vulnerability from cvelistv5 – Published: 2018-08-24 19:00 – Updated: 2024-08-05 18:43
    VLAI
    Summary
    An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET").
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://seclists.org/fulldisclosure/2018/Aug/26 mailing-listx_refsource_FULLDISC
    http://jvn.jp/en/jp/JVN38248512/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2018-08-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:43:56.136Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20180821 CVE-2017-12575: information leakage in NEC Aterm WG2600HP2",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Aug/26"
              },
              {
                "name": "JVN#38248512",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN38248512/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don\u0027t require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d \"REQ_ID=SUPPORT_IF_GET\")."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-22T06:06:12.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20180821 CVE-2017-12575: information leakage in NEC Aterm WG2600HP2",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Aug/26"
            },
            {
              "name": "JVN#38248512",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN38248512/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-12575",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don\u0027t require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d \"REQ_ID=SUPPORT_IF_GET\")."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20180821 CVE-2017-12575: information leakage in NEC Aterm WG2600HP2",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Aug/26"
                },
                {
                  "name": "JVN#38248512",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN38248512/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-12575",
        "datePublished": "2018-08-24T19:00:00.000Z",
        "dateReserved": "2017-08-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:43:56.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }