OS Command Injection Vulnerability in NEC Aterm Routers
CVE-2023-3333
7.2HIGH
What is CVE-2023-3333?
An OS command injection vulnerability exists in various NEC Aterm routers due to improper neutralization of special elements in OS commands. This flaw allows attackers to execute arbitrary commands with root privileges after exploiting related vulnerabilities. If left unaddressed, it could lead to unauthorized access and control over the affected devices, raising significant security concerns for users and potentially compromising network integrity.
Affected Version(s)
Aterm WF300HP all versions
Aterm WG1400HP all versions
Aterm WG1800HP all versions
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc.