ID

VAR-202101-0875


CVE

CVE-2021-20621


TITLE

Multiple vulnerabilities in Aterm WF800HP, Aterm WG2600HP and Aterm WG2600HP2

Trust: 0.8

sources: JVNDB: JVNDB-2021-000006

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Aterm WF800HP, Aterm WG2600HP and Aterm WG2600HP2, provided by NEC Corporation, contain multiple vulnerabilities.

Aterm WF800HP
- Cross-site scripting (CWE-79) - CVE-2021-20620

Aterm WG2600HP and Aterm WG2600HP2
- Inadequate access restrictions (CWE-284) - CVE-2017-12575
- Cross-site request forgery (CWE-352) - CVE-2021-20621
- Cross-site scripting (CWE-79) - CVE-2021-20622

CVE-2021-20620: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developers. Reporter: Mr. Nagaoka Satoru, Cyber Defense Institute, Inc.

CVE-2021-20621, CVE-2021-20622: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developers. Reporter: Mr. Iwasaki Tokumei, Cyber Defense Institute, Inc.

The expected impact differs for each vulnerability, but may include the following:
- An arbitrary script is executed in the web browser of a user who accessed the product. - CVE-2021-20620
- The setting information stored in the product may be stolen or changed by a remote third party. - CVE-2017-12575
- When a user logged in to the product accesses a specially crafted page, they are forced to perform an unintended operation. - CVE-2021-20621
- An arbitrary script is executed in the web browser of a user who is logged in to the product. - CVE-2021-20622

Trust: 1.71

sources: NVD: CVE-2021-20621 // JVNDB: JVNDB-2021-000006 // VULMON: CVE-2021-20621

AFFECTED PRODUCTS

vendor: aterm, model: wg2600hp2, scope: lte, version: 1.0.2

Trust: 1.0

vendor: aterm, model: wg2600hp, scope: lte, version: 1.0.2

Trust: 1.0

vendor: 日本電気, model: aterm wf800hp, scope: eq, version: firmware all versions

Trust: 0.8

vendor: 日本電気, model: aterm wg2600hp2, scope: -, version: -

Trust: 0.8

vendor: 日本電気, model: aterm wg2600hp, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-000006 // NVD: CVE-2021-20621

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2021-000006
value: MEDIUM

Trust: 2.4

nvd@nist.gov: CVE-2021-20621
value: HIGH

Trust: 1.0

IPA: JVNDB-2021-000006
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-2029
value: HIGH

Trust: 0.6

VULMON: CVE-2021-20621
value: MEDIUM

Trust: 0.1

IPA: JVNDB-2021-000006
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

nvd@nist.gov: CVE-2021-20621
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2021-000006
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2021-000006
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2021-000006
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2021-20621
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-000006
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2021-000006
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-20621 // JVNDB: JVNDB-2021-000006 // JVNDB: JVNDB-2021-000006 // JVNDB: JVNDB-2021-000006 // JVNDB: JVNDB-2021-000006 // CNNVD: CNNVD-202101-2029 // NVD: CVE-2021-20621

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [IPA Evaluation]

Trust: 0.8

problemtype: Cross-site request forgery (CWE-352) [IPA Evaluation]

Trust: 0.8

problemtype: Authorization / authority / access control (CWE-264) [IPA Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-000006 // NVD: CVE-2021-20621

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-2029

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202101-2029

PATCH

title: Support information on multiple vulnerabilities in the Aterm series, url: https://jpn.nec.com/security-info/secinfo/nv21-005.html

Trust: 0.8

title: Repair measures for cross-site request forgery vulnerabilities in multiple Aterm products, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139979

Trust: 0.6

sources: JVNDB: JVNDB-2021-000006 // CNNVD: CNNVD-202101-2029

EXTERNAL IDS

db: JVN, id: JVN38248512

Trust: 2.5

db: NVD, id: CVE-2021-20621

Trust: 2.5

db: JVNDB, id: JVNDB-2021-000006

Trust: 1.4

db: CNNVD, id: CNNVD-202101-2029

Trust: 0.6

db: VULMON, id: CVE-2021-20621

Trust: 0.1

sources: VULMON: CVE-2021-20621 // JVNDB: JVNDB-2021-000006 // CNNVD: CNNVD-202101-2029 // NVD: CVE-2021-20621

REFERENCES

url:https://jpn.nec.com/security-info/secinfo/nv21-005.html

Trust: 1.7

url:https://jvn.jp/en/jp/jvn38248512/index.html

Trust: 1.7

url:https://www.aterm.jp/support/tech/2019/0328.html

Trust: 1.7

url:https://jvn.jp/jp/jvn38248512/index.html

Trust: 0.8

url:https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000006.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-20621

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195442

Trust: 0.1

sources: VULMON: CVE-2021-20621 // JVNDB: JVNDB-2021-000006 // CNNVD: CNNVD-202101-2029 // NVD: CVE-2021-20621

SOURCES

db: VULMON, id: CVE-2021-20621
db: JVNDB, id: JVNDB-2021-000006
db: CNNVD, id: CNNVD-202101-2029
db: NVD, id: CVE-2021-20621

LAST UPDATE DATE

2024-11-23T21:51:05.480000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-20621, date: 2021-02-01T00:00:00
db: JVNDB, id: JVNDB-2021-000006, date: 2021-02-03T03:04:00
db: CNNVD, id: CNNVD-202101-2029, date: 2021-02-09T00:00:00
db: NVD, id: CVE-2021-20621, date: 2024-11-21T05:46:53.613

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-20621, date: 2021-01-28T00:00:00
db: JVNDB, id: JVNDB-2021-000006, date: 2021-01-22T00:00:00
db: CNNVD, id: CNNVD-202101-2029, date: 2021-01-22T00:00:00
db: NVD, id: CVE-2021-20621, date: 2021-01-28T11:15:13.793