Cross-Site Scripting Vulnerability in NEC Aterm Devices
CVE-2021-20680

6.1MEDIUM

Key Information:

Vendor: Nec Corporation
Status: Nec Aterm Devices
Vendor: CVE Published:; 26 April 2021

🔔 Create Nec Corporation Vulnerability Alert

What is CVE-2021-20680?

A cross-site scripting vulnerability exists in NEC Aterm devices that allows remote attackers to inject arbitrary script or HTML. This vulnerability can be exploited via unspecified vectors, potentially compromising user data and system integrity. The following Aterm device firmware versions are affected, allowing attackers to exploit the vulnerability and manipulate user sessions or steal sensitive information.

Affected Version(s)

NEC Aterm devices Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier, Aterm WG1200HP3 firmware Ver.1.3.1 and earlier, Aterm WG1200HP2 firmware Ver.2.5.0 and earlier, Aterm W1200EX firmware Ver.1.3.1 and earlier, Aterm W1200EX-MS firmware Ver.1.3.1 and earlier, Aterm WG1200HS firmware all versions Aterm WG1200HP firmware all versions Aterm WF800HP firmware all versions Aterm WF300HP2 firmware all versions Aterm WR8165N firmware all versions Aterm W500P firmware all versions, and Aterm W300P firmware all versions

References

https://jpn.nec.com/security-info/secinfo/nv21-008.html

x_refsource_MISC

https://jvn.jp/en/jp/JVN67456944/index.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2021
Vulnerability Reserved
Dec 17, 2020