ID

VAR-202002-1040


CVE

CVE-2020-5533


TITLE

NEC Aterm WG2600HS Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-11876 // CNNVD: CNNVD-202002-1000

DESCRIPTION

Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Aterm WG2600HS, provided by NEC Corporation, is affected by several vulnerabilities:
・ Cross-site scripting (CWE-79) - CVE-2020-5533
・ OS command injection (CWE-78) - CVE-2020-5534

This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Nagaoka Satoru, Cyber Defense Institute, Inc.

The expected impact depends on each vulnerability, but may be as follows:
・ An arbitrary script is executed in the web browser of a user who is logged in to the product - CVE-2020-5533
・ An arbitrary OS command is executed with root privileges by a user who can log in to the product's HTTP service - CVE-2020-5534

NEC Aterm WG2600HS is a wireless router from NEC Corporation. There is a cross-site scripting vulnerability in NEC Aterm WG2600HS version 1.3.2, which originates from the lack of correct verification of client data by the web application. An attacker could use this vulnerability to execute client code.

Trust: 2.25

sources: NVD: CVE-2020-5533 // JVNDB: JVNDB-2020-000015 // CNVD: CNVD-2020-11876 // VULMON: CVE-2020-5533

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-11876

AFFECTED PRODUCTS

vendor: nec model: aterm wg2600hs scope: lte version: 1.3.2

Trust: 1.0

vendor: nec model: aterm wg2600hs scope: eq version: firmware ver1.3.2

Trust: 0.8

vendor: nec model: aterm wg2600hs scope: eq version: 1.3.2

Trust: 0.6

vendor: nec model: aterm wg2600hs scope: eq version: -

Trust: 0.6

sources: CNVD: CNVD-2020-11876 // JVNDB: JVNDB-2020-000015 // CNNVD: CNNVD-202002-1000 // NVD: CVE-2020-5533

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5533
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2020-000015
value: HIGH

Trust: 0.8

IPA: JVNDB-2020-000015
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-11876
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-1000
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-5533
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-5533
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2020-000015
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2020-000015
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-11876
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5533
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

IPA: JVNDB-2020-000015
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2020-000015
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-11876 // VULMON: CVE-2020-5533 // JVNDB: JVNDB-2020-000015 // JVNDB: JVNDB-2020-000015 // CNNVD: CNNVD-202002-1000 // NVD: CVE-2020-5533

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

problemtype:CWE-78

Trust: 0.8

sources: JVNDB: JVNDB-2020-000015 // NVD: CVE-2020-5533

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1000

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202002-1000

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-000015

PATCH

title: Multiple vulnerabilities in Aterm WG2600HS url: https://jpn.nec.com/security-info/secinfo/nv20-003.html

Trust: 0.8

title: Patch for NEC Aterm WG2600HS Cross-Site Scripting Vulnerability url: https://www.cnvd.org.cn/patchInfo/show/202439

Trust: 0.6

title: NEC Aterm WG2600HS Fixes for cross-site scripting vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110552

Trust: 0.6

sources: CNVD: CNVD-2020-11876 // JVNDB: JVNDB-2020-000015 // CNNVD: CNNVD-202002-1000

EXTERNAL IDS

db: NVD id: CVE-2020-5533

Trust: 3.1

db: JVN id: JVN49410695

Trust: 2.5

db: JVNDB id: JVNDB-2020-000015

Trust: 2.0

db: CNVD id: CNVD-2020-11876

Trust: 0.6

db: CNNVD id: CNNVD-202002-1000

Trust: 0.6

db: VULMON id: CVE-2020-5533

Trust: 0.1

sources: CNVD: CNVD-2020-11876 // VULMON: CVE-2020-5533 // JVNDB: JVNDB-2020-000015 // CNNVD: CNNVD-202002-1000 // NVD: CVE-2020-5533

REFERENCES

url:https://jpn.nec.com/security-info/secinfo/nv20-003.html

Trust: 1.7

url:https://jvn.jp/en/jp/jvn49410695/index.html

Trust: 1.7

url:https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000015.html

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5533

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5534

Trust: 0.8

url:https://jvn.jp/jp/jvn49410695/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-5533

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/176488

Trust: 0.1

sources: CNVD: CNVD-2020-11876 // VULMON: CVE-2020-5533 // JVNDB: JVNDB-2020-000015 // CNNVD: CNNVD-202002-1000 // NVD: CVE-2020-5533

SOURCES

db: CNVD id: CNVD-2020-11876
db: VULMON id: CVE-2020-5533
db: JVNDB id: JVNDB-2020-000015
db: CNNVD id: CNNVD-202002-1000
db: NVD id: CVE-2020-5533

LAST UPDATE DATE

2024-11-23T21:59:28.993000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-11876 date: 2020-02-21T00:00:00
db: VULMON id: CVE-2020-5533 date: 2020-02-21T00:00:00
db: JVNDB id: JVNDB-2020-000015 date: 2020-02-19T00:00:00
db: CNNVD id: CNNVD-202002-1000 date: 2020-02-24T00:00:00
db: NVD id: CVE-2020-5533 date: 2024-11-21T05:34:13.780

SOURCES RELEASE DATE

db: CNVD id: CNVD-2020-11876 date: 2020-02-21T00:00:00
db: VULMON id: CVE-2020-5533 date: 2020-02-21T00:00:00
db: JVNDB id: JVNDB-2020-000015 date: 2020-02-19T00:00:00
db: CNNVD id: CNNVD-202002-1000 date: 2020-02-19T00:00:00
db: NVD id: CVE-2020-5533 date: 2020-02-21T10:15:11.857