Cross-Site Request Forgery Vulnerability in Aterm Routers by NEC
CVE-2021-20621

8.8HIGH

Key Information:

Vendor

Nec Corporation

Status
Aterm Wg2600HP And Aterm Wg2600HP2
Vendor
CVE Published:
28 January 2021

What is CVE-2021-20621?

A cross-site request forgery (CSRF) vulnerability exists in the firmware of Aterm WG2600HP and Aterm WG2600HP2 routers. This flaw allows remote attackers to potentially hijack an administrator's authentication, which could enable them to execute unauthorized actions in the context of the administrator's session. Attackers can exploit this vulnerability via unspecified methods, compromising the security of affected devices.

Affected Version(s)

Aterm WG2600HP and Aterm WG2600HP2 Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier

References

https://www.aterm.jp/support/tech/2019/0328.html
x_refsource_MISC
https://jpn.nec.com/security-info/secinfo/nv21-005.html
x_refsource_MISC
https://jvn.jp/en/jp/JVN38248512/index.html
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.