Details of VAR-202104-0486

ID

VAR-202104-0486

CVE

CVE-2021-20712

TITLE

NEC Aterm Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-29993

DESCRIPTION

Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to the defect in the IPv6 firewall function. NEC Aterm is a wireless router of NEC Corporation. NEC Aterm has an information disclosure vulnerability that allows remote users to execute arbitrary shell commands on the target system. No detailed vulnerability details are currently provided

Trust: 1.53

sources: NVD: CVE-2021-20712 // CNVD: CNVD-2021-29993 // VULMON: CVE-2021-20712

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-29993

AFFECTED PRODUCTS

vendor:	nec	model:	aterm wx3000hp	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	nec	model:	aterm wg2600hs	scope:	lte	version:	1.5.1	Trust: 1.0
vendor:	nec	model:	aterm wf1200cr	scope:	eq	version:	1.3.2	Trust: 0.6
vendor:	nec	model:	aterm wf1200cr	scope:	eq	version:	1.3.3	Trust: 0.6
vendor:	nec	model:	aterm wf1200cr	scope:	eq	version:	1.5.1	Trust: 0.6

sources: CNVD: CNVD-2021-29993 // NVD: CVE-2021-20712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20712
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2021-29993
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-623
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-20712
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-20712
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-29993
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20712
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-29993 // VULMON: CVE-2021-20712 // CNNVD: CNNVD-202104-623 // NVD: CVE-2021-20712

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2021-20712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-623

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-623

PATCH

title:	Patch for NEC Aterm Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/260281	Trust: 0.6
title:	NEC Aterm Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147079	Trust: 0.6

sources: CNVD: CNVD-2021-29993 // CNNVD: CNNVD-202104-623

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20712	Trust: 2.3
db:	JVN	id:	JVN29739718	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-000030	Trust: 1.2
db:	CNVD	id:	CNVD-2021-29993	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-623	Trust: 0.6
db:	VULMON	id:	CVE-2021-20712	Trust: 0.1

sources: CNVD: CNVD-2021-29993 // VULMON: CVE-2021-20712 // CNNVD: CNNVD-202104-623 // NVD: CVE-2021-20712

REFERENCES

url:	https://jvn.jp/en/jp/jvn29739718/index.html	Trust: 1.7
url:	https://jpn.nec.com/security-info/secinfo/nv21-010.html	Trust: 1.7
url:	https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000030.html	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20712	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-29993 // VULMON: CVE-2021-20712 // CNNVD: CNNVD-202104-623 // NVD: CVE-2021-20712

SOURCES

db:	CNVD	id:	CNVD-2021-29993
db:	VULMON	id:	CVE-2021-20712
db:	CNNVD	id:	CNNVD-202104-623
db:	NVD	id:	CVE-2021-20712

LAST UPDATE DATE

2024-08-14T13:43:34.514000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-29993	date:	2021-04-22T00:00:00
db:	VULMON	id:	CVE-2021-20712	date:	2021-05-05T00:00:00
db:	CNNVD	id:	CNNVD-202104-623	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-20712	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-29993	date:	2021-04-22T00:00:00
db:	VULMON	id:	CVE-2021-20712	date:	2021-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202104-623	date:	2021-04-09T00:00:00
db:	NVD	id:	CVE-2021-20712	date:	2021-04-26T01:15:08.060