CVE-2023-3332

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-06-28 02:15

Updated : 2023-07-05 19:19

NVD link : CVE-2023-3332

Mitre link : CVE-2023-3332

CVE.ORG link : CVE-2023-3332

JSON object : View

Products Affected

nec

aterm_wg2600hp2
aterm_wr9500n
aterm_wr8750n_firmware
aterm_wg600hp
aterm_wr8600n_firmware
aterm_wr8370n
aterm_wg2600hp_firmware
aterm_wg1800hp_firmware
aterm_wr8600n
aterm_wr9300n_firmware
aterm_wr9500n_firmware
aterm_wr8700n_firmware
aterm_wg1400hp_firmware
aterm_wg1400hp
aterm_wf300hp_firmware
aterm_wg1800hp
aterm_wf300hp
aterm_wr9300n
aterm_wg1800hp2
aterm_wg300hp_firmware
aterm_wr8750n
aterm_wr8170n_firmware
aterm_wg1800hp2_firmware
aterm_wg2600hp
aterm_wr8700n
aterm_wg600hp_firmware
aterm_wr8175n_firmware
aterm_wg2200hp_firmware
aterm_wr8370n_firmware
aterm_wr8170n
aterm_wr8175n
aterm_wg300hp
aterm_wg2600hp2_firmware
aterm_wg2200hp

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.8 /10