PT-2021-14168 · Nec · Nec Aterm Wg1200Cr+1
Taizoh Tsukamoto
·
Published
2021-04-26
·
Updated
2021-05-05
·
CVE-2021-20709
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
NEC Aterm WF1200CR versions 1.3.2 and earlier
NEC Aterm WG1200CR versions 1.3.3 and earlier
NEC Aterm WG2600HS versions 1.5.1 and earlier
Description:
The issue is related to improper validation of an integrity check value, allowing an attacker with administrative privileges to execute arbitrary OS commands. This can be achieved by sending a specially crafted request to a specific URL.
Recommendations:
For NEC Aterm WF1200CR versions 1.3.2 and earlier, update to a version later than 1.3.2 to resolve the issue.
For NEC Aterm WG1200CR versions 1.3.3 and earlier, update to a version later than 1.3.3 to resolve the issue.
For NEC Aterm WG2600HS versions 1.5.1 and earlier, update to a version later than 1.5.1 to resolve the issue.
As a temporary workaround, consider restricting access to the specific URL that can be exploited to execute arbitrary OS commands.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nec Aterm Wg1200Cr
Nec Aterm Wg2600Hs