Improper Limitation of Pathname in NEC Aterm Routers
CVE-2023-3330

4.3MEDIUM

Key Information:

Vendor: Nec Corporation
Status: Aterm Wg2600HP2; Aterm Wg2600HP; Aterm Wg2200HP; Aterm Wg1800HP2
Vendor: CVE Published:; 28 June 2023

🔔 Create Nec Corporation Vulnerability Alert

What is CVE-2023-3330?

An improper limitation of pathname vulnerability has been identified in NEC Corporation's Aterm routers, including various models such as WG2600HP2 and WR9500N. This vulnerability may allow an attacker to access specific files on the affected devices, potentially leading to information disclosure. Users of these products should assess their exposure, review the recommended security practices, and consider applying any updates or patches provided by NEC Corporation to mitigate this risk. For detailed information, refer to the official security advisory from NEC.

Affected Version(s)

Aterm WF300HP all versions

Aterm WG1400HP all versions

Aterm WG1800HP all versions

References

https://jpn.nec.com/security-info/secinfo/nv23-007_en.html

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2023
Vulnerability Reserved
Jun 20, 2023

Credit

Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc.