Improper Access Control in NEC Aterm Routers and Firewalls
CVE-2021-20712

5.3MEDIUM

Key Information:

Vendor: Nec Corporation
Status: Nec Aterm Devices
Vendor: CVE Published:; 26 April 2021

🔔 Create Nec Corporation Vulnerability Alert

What is CVE-2021-20712?

An improper access control vulnerability in NEC Aterm routers, including the WG2600HS and WX3000HP models, allows unauthorized access from the WAN to devices on the LAN side. This flaw arises due to deficiencies in the IPv6 firewall, creating potential risks for network security. Users with affected firmware versions are advised to update promptly to mitigate exposure to potential threats.

Affected Version(s)

NEC Aterm devices Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier

References

https://jpn.nec.com/security-info/secinfo/nv21-010.html

x_refsource_MISC

https://jvn.jp/en/jp/JVN29739718/index.html

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2021
Vulnerability Reserved
Dec 17, 2020