CVE-2023-3333

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-06-28 02:15

Updated : 2023-07-05 19:19

NVD link : CVE-2023-3333

Mitre link : CVE-2023-3333

CVE.ORG link : CVE-2023-3333

JSON object : View

Products Affected

nec

aterm_wg2600hp2
aterm_wr9500n
aterm_wr8750n_firmware
aterm_wg600hp
aterm_wr8600n_firmware
aterm_wr8370n
aterm_wg2600hp_firmware
aterm_wg1800hp_firmware
aterm_wr8600n
aterm_wr9300n_firmware
aterm_wr9500n_firmware
aterm_wr8700n_firmware
aterm_wg1400hp_firmware
aterm_wg1400hp
aterm_wf300hp_firmware
aterm_wg1800hp
aterm_wf300hp
aterm_wr9300n
aterm_wg1800hp2
aterm_wg300hp_firmware
aterm_wr8750n
aterm_wr8170n_firmware
aterm_wg1800hp2_firmware
aterm_wg2600hp
aterm_wr8700n
aterm_wg600hp_firmware
aterm_wr8175n_firmware
aterm_wg2200hp_firmware
aterm_wr8370n_firmware
aterm_wr8170n
aterm_wr8175n
aterm_wg300hp
aterm_wg2600hp2_firmware
aterm_wg2200hp

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-3333", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-06-28T02:15:49.713", "references": [{"url": "https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html", "tags": ["Broken Link"], "source": "psirt-info@cyber.jp.nec.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "psirt-info@cyber.jp.nec.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows\u00a0a attacker\u00a0to\u00a0execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities."}], "lastModified": "2023-07-05T19:19:52.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FDEB886-84A3-466F-A44D-C8343DC8EA26"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "02D5D7A6-3E46-401A-8987-ECCC0D97BE73"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D2A5730-11AC-4920-ACC3-B16F3F06F74D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B516AF4-E4BE-4074-A8B7-67276C7B57CD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C771D26-13FE-4821-8FAE-7B55E147C586"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44146A63-6E9A-4A6A-836A-FA75E0954E35"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9971F7F6-56E0-49D8-8D77-EEE4E0398531"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E7F7EC38-F304-41AD-9F85-39820E5945E6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A48CCBD-1662-4188-ADBB-B3E69E2330F6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F167B2EE-7708-4A73-A52D-35725A0A1E29"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B377AF40-2788-4192-AC90-E6395B62FC4C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "872F8DA6-CB06-4886-801D-DC8F53EB7305"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85717CF6-DB27-4F5F-9685-5235A5EB402B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49782342-2E93-475A-90A5-9EDF40F97137"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3736608B-2D6C-4E2B-A52D-D3F1E60C1498"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "195A8A79-4E27-4EDD-975F-A4B58F040221"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CC22AB5-2239-45FB-B57E-6344FE3EA483"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "049F25E4-A0A6-4E98-9FB2-63BF9D451B4A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "093CFEBE-49F0-4387-B0CD-377F580E37AA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D96606ED-63AA-41E0-823A-16A2CD5200FD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FCBF41D-824A-449C-9C1F-5FF3DE9D6F08"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1FD5B8F6-19F6-4F80-90C3-AC4EFE564FFF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "014F8A96-0AA2-4C65-89F8-2DF59717D079"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9559B967-CCD6-4CEE-ADD8-862D1D7E5D96"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E88402-955F-4565-8219-1332DBC3FAB5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B83D44BD-00FB-4F15-B543-84DF92E67CBD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B542A9B-FBE4-446B-9BCF-F86859BB2F16"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63C99E37-A070-49C3-BB3B-AE189F02E5F2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9E46CDB-A7B3-4A2C-8A91-E18986F60AC6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24F752BB-CFD7-41EC-83FD-7C0A352C72B7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D29A7303-517C-4FDE-AB97-9AD9D42F1E5F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "138732B4-C531-4DD3-B2C6-F672E72EE3AE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02434FCD-EBFB-4A93-A0F1-E0FED57715C1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B487F29B-4F4D-40EB-9D7E-48681370F5F6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com"}

7.2 /10