Details of VAR-202104-0482

ID

VAR-202104-0482

CVE

CVE-2021-20708

TITLE

NEC Aterm WF1200C Operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-628

DESCRIPTION

NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL

Trust: 0.99

sources: NVD: CVE-2021-20708 // VULMON: CVE-2021-20708

AFFECTED PRODUCTS

vendor:	nec	model:	aterm wf1200cr	scope:	lte	version:	1.3.2	Trust: 1.0
vendor:	nec	model:	aterm wg1200cr	scope:	lte	version:	1.3.3	Trust: 1.0
vendor:	nec	model:	aterm wg2600hs	scope:	lte	version:	1.5.1	Trust: 1.0

sources: NVD: CVE-2021-20708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20708
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-628
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-20708
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-20708
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2021-20708
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2021-20708 // CNNVD: CNNVD-202104-628 // NVD: CVE-2021-20708

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.0

sources: NVD: CVE-2021-20708

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-628

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-628

PATCH

title:	NEC Aterm Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147084	Trust: 0.6
title:	CVE-2021-20708	url:	https://github.com/GoogleProjectZer0/CVE-2021-20708	Trust: 0.1

sources: VULMON: CVE-2021-20708 // CNNVD: CNNVD-202104-628

EXTERNAL IDS

db:	JVN	id:	JVN29739718	Trust: 1.7
db:	NVD	id:	CVE-2021-20708	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-000030	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-628	Trust: 0.6
db:	VULMON	id:	CVE-2021-20708	Trust: 0.1

sources: VULMON: CVE-2021-20708 // CNNVD: CNNVD-202104-628 // NVD: CVE-2021-20708

REFERENCES

url:	https://jvn.jp/en/jp/jvn29739718/index.html	Trust: 1.7
url:	https://jpn.nec.com/security-info/secinfo/nv21-010.html	Trust: 1.7
url:	https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000030.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20708	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://github.com/googleprojectzer0/cve-2021-20708	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-20708 // CNNVD: CNNVD-202104-628 // NVD: CVE-2021-20708

SOURCES

db:	VULMON	id:	CVE-2021-20708
db:	CNNVD	id:	CNNVD-202104-628
db:	NVD	id:	CVE-2021-20708

LAST UPDATE DATE

2024-08-14T13:43:34.538000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-20708	date:	2021-05-05T00:00:00
db:	CNNVD	id:	CNNVD-202104-628	date:	2021-05-28T00:00:00
db:	NVD	id:	CVE-2021-20708	date:	2021-05-05T19:57:34.020

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-20708	date:	2021-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202104-628	date:	2021-04-09T00:00:00
db:	NVD	id:	CVE-2021-20708	date:	2021-04-26T01:15:07.947