Cross-Site Scripting Vulnerability in Aterm WF800HP Firmware
CVE-2021-20620

6.1MEDIUM

Key Information:

Vendor

Nec Corporation

Status
Aterm Wf800HP
Vendor
CVE Published:
28 January 2021

What is CVE-2021-20620?

The Aterm WF800HP firmware versions up to and including Ver1.0.9 are exposed to a cross-site scripting vulnerability that enables remote attackers to execute arbitrary scripts through unspecified vectors. This vulnerability poses a serious threat to user data integrity and safety, necessitating immediate attention and remediation to protect against potential exploitation.

Affected Version(s)

Aterm WF800HP Aterm WF800HP firmware Ver1.0.9 and earlier

References

https://www.aterm.jp/support/tech/2019/0328.html
x_refsource_MISC
https://jpn.nec.com/security-info/secinfo/nv21-005.html
x_refsource_MISC
https://jvn.jp/en/jp/JVN38248512/index.html
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.