CVE-2021-20680

Published Apr 26, 2021

Last updated 4 years ago

CVSS medium 6.1

Overview

Description: Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions Aterm WG1200HP firmware all versions Aterm WF800HP firmware all versions Aterm WF300HP2 firmware all versions Aterm WR8165N firmware all versions Aterm W500P firmware all versions, and Aterm W300P firmware all versions) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wg1900hp2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83AEFD6C-A7A1-4A75-8DD3-0D967753E453",
            "versionEndIncluding": "1.3.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wg1900hp2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "189508FB-75EC-49CE-A6F5-3E4A8F3E57E7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wg1900hp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8712C863-812C-43C6-B132-C9B4865F1FC1",
            "versionEndIncluding": "2.5.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wg1900hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1EE892DF-9165-4ED3-B5F4-B3232BC7B07A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wg1800hp4_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3A82997-AD12-4FD6-BA13-041B63F9149D",
            "versionEndIncluding": "1.3.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wg1800hp4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D9130B16-D277-4335-8FBF-83715094FA70"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wg1800hp3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6265021-1C8A-4956-B60B-2DDDDD943E5E",
            "versionEndIncluding": "1.5.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "87EF7C61-A13A-4EF8-8034-90D7E2AD3A86"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wg1200hs3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D8EC4D3-F7D5-40EA-9132-74C92305D943",
            "versionEndIncluding": "1.1.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wg1200hs3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0BE6AFC0-F46F-491F-88E0-5EB17420F5EE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wg1200hs2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACA55E65-20CF-4837-A19D-8D066D55D700",
            "versionEndIncluding": "2.5.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wg1200hs2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "65C2F75B-CA40-4795-ABD4-2101A1DF1EDA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wg1200hp3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B1CD2FB-AE3E-454D-BF77-315408F429F8",
            "versionEndIncluding": "1.3.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wg1200hp3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FB299D6D-056F-4F75-AD19-81F11C79CA08"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wg1200hp2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7ABEF0FE-DFF6-4EA2-9F4B-19067B3B0E33",
            "versionEndIncluding": "2.5.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wg1200hp2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "90D0B0AE-064D-4E48-9155-47ECDFBAAE26"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_w1200ex_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03154BBD-A8DF-467B-A52F-3D504AB8D289",
            "versionEndIncluding": "1.3.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_w1200ex:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6FC4695-46CA-489F-8AAC-70B6B5998A78"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD14910C-11F2-40CF-AED3-94CFF4CBD550",
            "versionEndIncluding": "1.3.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_w1200ex-ms:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "29756D80-6095-4CCA-9436-FA61503B2E47"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wg1200hs_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A71148C3-6ABC-42DB-A413-C66E3B162792"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wg1200hs:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "787BD0AE-4F79-47C0-89D2-DF6979AA34C0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wg1200hp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "233211A6-DA9B-4744-A535-1FF7326FA135"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wg1200hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "10366DDB-2294-47CF-851A-06DFEE24402C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wf800hp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF216701-8434-4106-A56F-62B20F350C27"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wf800hp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9C12DE60-3B6E-4450-8D30-C3ED64A86915"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wf300hp2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4087211-55B1-4704-B78C-376917D5EDB8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wf300hp2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D2EBDFB7-3920-4982-8114-EC9E92180D89"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_wr8165n_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54517F68-A183-4791-8871-C85FA60F7842"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_wr8165n:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7188074-EE16-4110-8AC4-4084300EE122"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_w500p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E726FDA-A803-472C-B30B-32BE8283CAFF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_w500p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A67ABBE5-AED3-416F-A57D-06DBE302FF3B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nec:aterm_w300p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5203B2C-AB30-49B2-BDB2-4FD48C6119F9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:nec:aterm_w300p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "157C035B-CA94-43C3-83B8-6C531F7D0FEB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References