Vulnerability-Lookup

GHSA-XXP5-Q6RF-MMR6

Vulnerability from github – Published: 2023-06-28 03:31 – Updated: 2024-04-04 05:13

Details

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to obtain specific files in the product

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-3330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-28T02:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows\u00a0a attacker\u00a0to\u00a0obtain specific files in the product\n\n.",
  "id": "GHSA-xxp5-q6rf-mmr6",
  "modified": "2024-04-04T05:13:43Z",
  "published": "2023-06-28T03:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3330"
    },
    {
      "type": "WEB",
      "url": "https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
    },
    {
      "type": "WEB",
      "url": "https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-3330 (GCVE-0-2023-3330)

Vulnerability from cvelistv5 – Published: 2023-06-28 01:13 – Updated: 2024-12-04 21:42

Summary

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.

Severity ?

No CVSS data available.

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory

Assigner

NEC

References

URL

Tags

https://jpn.nec.com/security-info/secinfo/nv23-00…

Impacted products

Vendor

Product

Version

NEC Corporation

Aterm WG2600HP2

Affected: all versions

NEC Corporation	Aterm WG2600HP	Affected: all versions
NEC Corporation	Aterm WG2200HP	Affected: all versions
NEC Corporation	Aterm WG2200HP	Affected: all versions
NEC Corporation	Aterm WG1800HP2	Affected: all versions
NEC Corporation	Aterm WG1800HP	Affected: all versions
NEC Corporation	Aterm WG1400HP	Affected: all versions
NEC Corporation	Aterm WG600HP	Affected: all versions
NEC Corporation	Aterm WG300HP	Affected: all versions
NEC Corporation	Aterm WF300HP	Affected: all versions
NEC Corporation	Aterm WR9500N	Affected: all versions
NEC Corporation	Aterm WR9300N	Affected: all versions
NEC Corporation	Aterm WR8750N	Affected: all versions
NEC Corporation	Aterm WR8700N	Affected: all versions
NEC Corporation	Aterm WR8600N	Affected: all versions
NEC Corporation	Aterm WR8370N	Affected: all versions
NEC Corporation	Aterm WR8175N	Affected: all versions
NEC Corporation	Aterm WR8170N	Affected: all versions

Credits

Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:00.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T20:43:58.758310Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T21:42:54.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG2600HP2",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WG2600HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WG2200HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WG2200HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WG1800HP2",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WG1800HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WG1400HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WG600HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WG300HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WF300HP",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WR9500N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WR9300N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WR8750N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WR8700N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WR8600N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WR8370N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WR8175N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Aterm WR8170N",
          "vendor": "NEC Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003ea attacker\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eto\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;obtain specific files in the product\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u003c/span\u003e"
            }
          ],
          "value": "Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u00a0a attacker\u00a0to\u00a0obtain specific files in the product."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-28T00:56:00.401Z",
        "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "shortName": "NEC"
      },
      "references": [
        {
          "url": "https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nStop using the products or remove the USB storage.\u003cbr\u003e"
            }
          ],
          "value": "\nStop using the products or remove the USB storage.\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
    "assignerShortName": "NEC",
    "cveId": "CVE-2023-3330",
    "datePublished": "2023-06-28T01:13:03.181Z",
    "dateReserved": "2023-06-20T01:14:05.654Z",
    "dateUpdated": "2024-12-04T21:42:54.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-XXP5-Q6RF-MMR6

CVE-2023-3330 (GCVE-0-2023-3330)

Tags

Sightings

Nomenclature