Details of VAR-202104-0483

ID

VAR-202104-0483

CVE

CVE-2021-20709

TITLE

NEC Aterm WF1200C Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202104-626

DESCRIPTION

Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL

Trust: 0.99

sources: NVD: CVE-2021-20709 // VULMON: CVE-2021-20709

AFFECTED PRODUCTS

vendor:	nec	model:	aterm wf1200cr	scope:	lte	version:	1.3.2	Trust: 1.0
vendor:	nec	model:	aterm wg1200cr	scope:	lte	version:	1.3.3	Trust: 1.0
vendor:	nec	model:	aterm wg2600hs	scope:	lte	version:	1.5.1	Trust: 1.0

sources: NVD: CVE-2021-20709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20709
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-626
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-20709
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-20709
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2021-20709
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2021-20709 // CNNVD: CNNVD-202104-626 // NVD: CVE-2021-20709

PROBLEMTYPE DATA

problemtype:

CWE-354

Trust: 1.0

sources: NVD: CVE-2021-20709

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-626

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-626

PATCH

title:

NEC Aterm Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147082

Trust: 0.6

sources: CNNVD: CNNVD-202104-626

EXTERNAL IDS

db:	JVN	id:	JVN29739718	Trust: 1.7
db:	NVD	id:	CVE-2021-20709	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-000030	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-626	Trust: 0.6
db:	VULMON	id:	CVE-2021-20709	Trust: 0.1

sources: VULMON: CVE-2021-20709 // CNNVD: CNNVD-202104-626 // NVD: CVE-2021-20709

REFERENCES

url:	https://jvn.jp/en/jp/jvn29739718/index.html	Trust: 1.7
url:	https://jpn.nec.com/security-info/secinfo/nv21-010.html	Trust: 1.7
url:	https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000030.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20709	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/354.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-20709 // CNNVD: CNNVD-202104-626 // NVD: CVE-2021-20709

SOURCES

db:	VULMON	id:	CVE-2021-20709
db:	CNNVD	id:	CNNVD-202104-626
db:	NVD	id:	CVE-2021-20709

LAST UPDATE DATE

2024-08-14T13:43:34.472000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-20709	date:	2021-05-05T00:00:00
db:	CNNVD	id:	CNNVD-202104-626	date:	2021-05-06T00:00:00
db:	NVD	id:	CVE-2021-20709	date:	2021-05-05T20:02:07.637

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-20709	date:	2021-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202104-626	date:	2021-04-09T00:00:00
db:	NVD	id:	CVE-2021-20709	date:	2021-04-26T01:15:07.977