Remote Code Execution Vulnerability in UNIVERGE Wireless Access Points by NEC
CVE-2022-25621

9.8CRITICAL

Key Information:

Vendor: Nec Platforms, Ltd.
Status: Univerge Dt
Vendor: CVE Published:; 11 March 2022

🔔 Create Nec Platforms, Ltd. Vulnerability Alert

What is CVE-2022-25621?

A remote code execution vulnerability exists in the UNIVERGE WA series of wireless access points from NEC, allowing attackers to execute arbitrary operating system commands. This vulnerability affects multiple versions, making it essential for users to promptly evaluate their systems and apply necessary patches to safeguard against potential exploitation.

Affected Version(s)

UNIVERGE DT UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior,

References

https://jpn.nec.com/security-info/secinfo/nv22-004_en.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2022
Vulnerability Reserved
Feb 21, 2022

CVE-2022-25621 Data

JSON