ID

VAR-202104-0310


CVE

CVE-2021-20680


TITLE

NEC Aterm Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-630

DESCRIPTION

Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions, Aterm WG1200HP firmware all versions, Aterm WF800HP firmware all versions, Aterm WF300HP2 firmware all versions, Aterm WR8165N firmware all versions, Aterm W500P firmware all versions, and Aterm W300P firmware all versions) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Trust: 0.99

sources: NVD: CVE-2021-20680 // VULMON: CVE-2021-20680

AFFECTED PRODUCTS

vendor: nec, model: aterm wf300hp2, scope: eq, version: *

Trust: 1.0

vendor: nec, model: aterm w1200ex-ms, scope: lte, version: 1.3.1

Trust: 1.0

vendor: nec, model: aterm wg1200hs3, scope: lte, version: 1.1.2

Trust: 1.0

vendor: nec, model: aterm w1200ex, scope: lte, version: 1.3.1

Trust: 1.0

vendor: nec, model: aterm wf800hp, scope: eq, version: *

Trust: 1.0

vendor: nec, model: aterm wg1900hp2, scope: lte, version: 1.3.1

Trust: 1.0

vendor: nec, model: aterm w500p, scope: eq, version: *

Trust: 1.0

vendor: nec, model: aterm w300p, scope: eq, version: *

Trust: 1.0

vendor: nec, model: aterm wg1200hp2, scope: lte, version: 2.5.0

Trust: 1.0

vendor: nec, model: aterm wg1900hp, scope: lte, version: 2.5.1

Trust: 1.0

vendor: nec, model: aterm wg1200hs2, scope: lte, version: 2.5.0

Trust: 1.0

vendor: nec, model: aterm wg1200hs, scope: eq, version: *

Trust: 1.0

vendor: nec, model: aterm wg1200hp, scope: eq, version: *

Trust: 1.0

vendor: nec, model: aterm wg1800hp4, scope: lte, version: 1.3.1

Trust: 1.0

vendor: nec, model: aterm wr8165n, scope: eq, version: *

Trust: 1.0

vendor: nec, model: aterm wg1800hp3, scope: lte, version: 1.5.1

Trust: 1.0

vendor: nec, model: aterm wg1200hp3, scope: lte, version: 1.3.1

Trust: 1.0

sources: NVD: CVE-2021-20680

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-20680
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-630
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-20680
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-20680
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CVSSV3

nvd@nist.gov: CVE-2021-20680
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-20680 // CNNVD: CNNVD-202104-630 // NVD: CVE-2021-20680

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2021-20680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-630

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202104-630

PATCH

title: NEC Aterm Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147086

Trust: 0.6

sources: CNNVD: CNNVD-202104-630

EXTERNAL IDS

db: JVN, id: JVN67456944

Trust: 1.7

db: NVD, id: CVE-2021-20680

Trust: 1.7

db: JVNDB, id: JVNDB-2021-000028

Trust: 0.6

db: CNNVD, id: CNNVD-202104-630

Trust: 0.6

db: VULMON, id: CVE-2021-20680

Trust: 0.1

sources: VULMON: CVE-2021-20680 // CNNVD: CNNVD-202104-630 // NVD: CVE-2021-20680

REFERENCES

url:https://jpn.nec.com/security-info/secinfo/nv21-008.html

Trust: 1.7

url:https://jvn.jp/en/jp/jvn67456944/index.html

Trust: 1.7

url:https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000028.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-20680

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-20680 // CNNVD: CNNVD-202104-630 // NVD: CVE-2021-20680

SOURCES

db: VULMON, id: CVE-2021-20680
db: CNNVD, id: CNNVD-202104-630
db: NVD, id: CVE-2021-20680

LAST UPDATE DATE

2024-11-23T21:34:43.386000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-20680, date: 2021-05-05T00:00:00
db: CNNVD, id: CNNVD-202104-630, date: 2021-05-28T00:00:00
db: NVD, id: CVE-2021-20680, date: 2024-11-21T05:46:59.873

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-20680, date: 2021-04-26T00:00:00
db: CNNVD, id: CNNVD-202104-630, date: 2021-04-09T00:00:00
db: NVD, id: CVE-2021-20680, date: 2021-04-26T01:15:07.770