CVE-2021-20621

Published: Jan 28, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Affected (2)

Products: Aterm: Wg2600hp Firmware, Wg2600hp2 Firmware

Aterm

2 products

Wg2600hp Firmware

Wg2600hp2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Aterm Wg2600hp Firmware	Up to 1.0.2

Running on/with	Platform Versions
Aterm Wg2600hp	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Aterm Wg2600hp2 Firmware	Up to 1.0.2

Running on/with	Platform Versions
Aterm Wg2600hp2	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://jpn.nec.com/security-info/secinfo/nv21-005.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://jvn.jp/en/jp/JVN38248512/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.aterm.jp/support/tech/2019/0328.html

Source: vultures@jpcert.or.jp

PatchVendor Advisory

https://jpn.nec.com/security-info/secinfo/nv21-005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://jvn.jp/en/jp/JVN38248512/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.aterm.jp/support/tech/2019/0328.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.