CVE-2021-20680

Name of the Vulnerable Software and Affected Versions: NEC Aterm WG1900HP2 versions 1.3.1 and earlier NEC Aterm WG1900HP versions 2.5.1 and earlier NEC Aterm WG1800HP4 versions 1.3.1 and earlier NEC Aterm WG1800HP3 versions 1.5.1 and earlier NEC Aterm WG1200HS2 versions 2.5.0 and earlier NEC Aterm WG1200HP3 versions 1.3.1 and earlier NEC Aterm WG1200HP2 versions 2.5.0 and earlier NEC Aterm W1200EX versions 1.3.1 and earlier NEC Aterm W1200EX-MS versions 1.3.1 and earlier NEC Aterm WG1200HS all versions NEC Aterm WG1200HP all versions NEC Aterm WF800HP all versions NEC Aterm WF300HP2 all versions NEC Aterm WR8165N all versions NEC Aterm W500P all versions NEC Aterm W300P all versions

Description: A cross-site scripting issue in NEC Aterm devices allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Recommendations: For NEC Aterm WG1900HP2 versions 1.3.1 and earlier, update to a version later than 1.3.1. For NEC Aterm WG1900HP versions 2.5.1 and earlier, update to a version later than 2.5.1. For NEC Aterm WG1800HP4 versions 1.3.1 and earlier, update to a version later than 1.3.1. For NEC Aterm WG1800HP3 versions 1.5.1 and earlier, update to a version later than 1.5.1. For NEC Aterm WG1200HS2 versions 2.5.0 and earlier, update to a version later than 2.5.0. For NEC Aterm WG1200HP3 versions 1.3.1 and earlier, update to a version later than 1.3.1. For NEC Aterm WG1200HP2 versions 2.5.0 and earlier, update to a version later than 2.5.0. For NEC Aterm W1200EX versions 1.3.1 and earlier, update to a version later than 1.3.1. For NEC Aterm W1200EX-MS versions 1.3.1 and earlier, update to a version later than 1.3.1. For NEC Aterm WG1200HS all versions, NEC Aterm WG1200HP all versions, NEC Aterm WF800HP all versions, NEC Aterm WF300HP2 all versions, NEC Aterm WR8165N all versions, NEC Aterm W500P all versions, and NEC Aterm W300P all versions, at the moment, there is no information about a newer version that contains a fix for this issue.