CVE-2023-3330

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jpn.nec.com/security-info/secinfo/nv23-007_en.html

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-06-28 02:15

Updated : 2023-08-28 01:15

NVD link : CVE-2023-3330

Mitre link : CVE-2023-3330

CVE.ORG link : CVE-2023-3330

JSON object : View

Products Affected

nec

aterm_wg2600hp2
aterm_wr9500n
aterm_wr8750n_firmware
aterm_wg600hp
aterm_wr8600n_firmware
aterm_wr8370n
aterm_wg2600hp_firmware
aterm_wg1800hp_firmware
aterm_wr8600n
aterm_wr9300n_firmware
aterm_wr9500n_firmware
aterm_wr8700n_firmware
aterm_wg1400hp_firmware
aterm_wg1400hp
aterm_wf300hp_firmware
aterm_wg1800hp
aterm_wf300hp
aterm_wr9300n
aterm_wg1800hp2
aterm_wg300hp_firmware
aterm_wr8750n
aterm_wr8170n_firmware
aterm_wg1800hp2_firmware
aterm_wg2600hp
aterm_wr8700n
aterm_wg600hp_firmware
aterm_wr8175n_firmware
aterm_wg2200hp_firmware
aterm_wr8370n_firmware
aterm_wr8170n
aterm_wr8175n
aterm_wg300hp
aterm_wg2600hp2_firmware
aterm_wg2200hp

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

4.3 /10