CVE-2021-20622

Published: Jan 28, 2021Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

Affected (2)

Products: Aterm: Wg2600hp Firmware, Wg2600hp2 Firmware

Aterm

2 products

Wg2600hp Firmware

Wg2600hp2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Aterm Wg2600hp Firmware	Up to 1.0.2

Running on/with	Platform Versions
Aterm Wg2600hp	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Aterm Wg2600hp2 Firmware	Up to 1.0.2

Running on/with	Platform Versions
Aterm Wg2600hp2	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://jpn.nec.com/security-info/secinfo/nv21-005.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://jvn.jp/en/jp/JVN38248512/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.aterm.jp/support/tech/2019/0328.html

Source: vultures@jpcert.or.jp

PatchVendor Advisory

https://jpn.nec.com/security-info/secinfo/nv21-005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://jvn.jp/en/jp/JVN38248512/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.aterm.jp/support/tech/2019/0328.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.