Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    15 vulnerabilities by aterm

    VAR-201604-0383

    Vulnerability from variot - Updated: 2023-12-18 14:01

    Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. NECAtermWF800HP is a wireless router product from NEC. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Aterm WF800HP 1.0.17 is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0383",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wf800hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aterm",
            "version": "1.0.17"
          },
          {
            "model": "aterm wf800hp",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "nec",
            "version": "firmware ver1.0.17"
          },
          {
            "model": "aterm wf800hp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nec",
            "version": "1.0.17"
          },
          {
            "model": "wf800hp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "aterm",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000035"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:aterm:wf800hp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:aterm:wf800hp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.0.17",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1168"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "85740"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-1168",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000035",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2016-01964",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-89987",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000035",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-1168",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000035",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-01964",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201603-430",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89987",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000035"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. NECAtermWF800HP is a wireless router product from NEC. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nAterm WF800HP 1.0.17 is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1168"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000035"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "db": "BID",
            "id": "85740"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89987"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-1168",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN07818796",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000035",
            "trust": 3.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "85740",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-89987",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89987"
          },
          {
            "db": "BID",
            "id": "85740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000035"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ]
      },
      "id": "VAR-201604-0383",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89987"
          }
        ],
        "trust": 1.075
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:01:47.256000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Aterm Security Advisory [Update:2016/04/06]",
            "trust": 0.8,
            "url": "http://www.aterm.jp/support/tech/2016/0330.html"
          },
          {
            "title": "NV16-004",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
          },
          {
            "title": "NECAtermWF800HP cross-site request forgery vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/73504"
          },
          {
            "title": "NEC Aterm WF800HP Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60724"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000035"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000035"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1168"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://jvn.jp/en/jp/jvn07818796/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000035"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1168"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1168"
          },
          {
            "trust": 0.6,
            "url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000035.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89987"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000035"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89987"
          },
          {
            "db": "BID",
            "id": "85740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000035"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "date": "2016-04-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89987"
          },
          {
            "date": "2016-03-30T00:00:00",
            "db": "BID",
            "id": "85740"
          },
          {
            "date": "2016-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000035"
          },
          {
            "date": "2016-04-01T14:59:01.483000",
            "db": "NVD",
            "id": "CVE-2016-1168"
          },
          {
            "date": "2016-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "date": "2016-04-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89987"
          },
          {
            "date": "2016-03-30T00:00:00",
            "db": "BID",
            "id": "85740"
          },
          {
            "date": "2016-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000035"
          },
          {
            "date": "2016-04-01T18:16:50.330000",
            "db": "NVD",
            "id": "CVE-2016-1168"
          },
          {
            "date": "2016-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NEC Aterm WF800HP Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01964"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-430"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-0484

    Vulnerability from variot - Updated: 2023-12-18 13:17

    Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. Provided by NEC Corporation Aterm WF1200CR , Aterm WG1200CR , Aterm WG2600HS and Aterm WX3000HP There are multiple vulnerabilities in. Aterm WF1200CR , Aterm WG1200CR and Aterm WG2600HS ・ OS Command injection (CWE-78) - CVE-2021-20708 ・ Insufficient integrity verification of downloaded file (CWE-354) - CVE-2021-20709Aterm WG2600HS ・ Cross-site scripting (CWE-79) - CVE-2021-20710 ・ OS Command injection (CWE-78) - CVE-2021-20711Aterm WG2600HS and WX3000HP ・ Inadequate access restrictions (CWE-284) - CVE-2021-20712CVE-2021-20708 , CVE-2021-20709 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tsukamoto Taizo Mr CVE-2021-20710 , CVE-2021-20711 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Cyber Defense Institute, Inc. Nagaoka Satoru Mr CVE-2021-20712 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Kato Yoshimitsu MrThe expected impact depends on each vulnerability, but it may be affected as follows. -While logged in to the management page of the product, a specific URL Any command can be executed by sending a specially crafted request to - CVE-2021-20708 -Any command can be executed by loading a specially crafted configuration file while logged in to the management page of the product. - CVE-2021-20709 -Any script is executed on the web browser of the user who accessed the product. - CVE-2021-20710 -Any command is executed by an attacker who accesses the management page of the product. - CVE-2021-20711 ・ IPv6 There is a problem with the firewall function, LAN The device connected to the side WAN Accessed from an external network such as - CVE-2021-20712

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0484",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wg2600hs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aterm",
            "version": "1.5.1"
          },
          {
            "model": "aterm wf1200cr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "aterm wg1200cr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "aterm wg2600hs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "aterm wx3000hp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20710"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:aterm:wg2600hs_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.5.1",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:aterm:wg2600hs:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20710"
          }
        ]
      },
      "cve": "CVE-2021-20710",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "explitabilityScore": null,
                "id": "JVNDB-2021-000030",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-20710",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000030",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20710",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2021-000030",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-629",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-20710",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-20710"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20710"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-629"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. Provided by NEC Corporation Aterm WF1200CR , Aterm WG1200CR , Aterm WG2600HS and Aterm WX3000HP There are multiple vulnerabilities in. Aterm WF1200CR , Aterm WG1200CR and Aterm WG2600HS \u30fb OS Command injection (CWE-78) - CVE-2021-20708 \u30fb Insufficient integrity verification of downloaded file (CWE-354) - CVE-2021-20709Aterm WG2600HS \u30fb Cross-site scripting (CWE-79) - CVE-2021-20710 \u30fb OS Command injection (CWE-78) - CVE-2021-20711Aterm WG2600HS and WX3000HP \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20712CVE-2021-20708 , CVE-2021-20709 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tsukamoto Taizo Mr CVE-2021-20710 , CVE-2021-20711 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Cyber Defense Institute, Inc. Nagaoka Satoru Mr CVE-2021-20712 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Kato Yoshimitsu MrThe expected impact depends on each vulnerability, but it may be affected as follows. -While logged in to the management page of the product, a specific URL Any command can be executed by sending a specially crafted request to - CVE-2021-20708 -Any command can be executed by loading a specially crafted configuration file while logged in to the management page of the product. - CVE-2021-20709 -Any script is executed on the web browser of the user who accessed the product. - CVE-2021-20710 -Any command is executed by an attacker who accesses the management page of the product. - CVE-2021-20711 \u30fb IPv6 There is a problem with the firewall function, LAN The device connected to the side WAN Accessed from an external network such as - CVE-2021-20712",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20710"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20710"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN29739718",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20710",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000030",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-629",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20710",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-20710"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20710"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-629"
          }
        ]
      },
      "id": "VAR-202104-0484",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.39656106333333335
      },
      "last_update_date": "2023-12-18T13:17:53.060000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "WF1200CR \u30fb WG1200CR \u30fb WG2600HS \u30fb WX3000HP About security improvement in  NEC Product security information",
            "trust": 0.8,
            "url": "https://www.aterm.jp/support/tech/2021/0324.html"
          },
          {
            "title": "NEC Aterm Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147085"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-629"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site scripting (CWE-79) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Incorrect input confirmation (CWE-20) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [IPA Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20710"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/jp/jvn29739718/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://jpn.nec.com/security-info/secinfo/nv21-010.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn29739718/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000030.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20710"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-20710"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20710"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-629"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2021-20710"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20710"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-629"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-20710"
          },
          {
            "date": "2021-04-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          },
          {
            "date": "2021-04-26T01:15:08.003000",
            "db": "NVD",
            "id": "CVE-2021-20710"
          },
          {
            "date": "2021-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-629"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-20710"
          },
          {
            "date": "2021-04-09T05:21:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          },
          {
            "date": "2021-04-28T14:34:11.613000",
            "db": "NVD",
            "id": "CVE-2021-20710"
          },
          {
            "date": "2021-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-629"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-629"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Aterm\u00a0WF1200CR , Aterm\u00a0WG1200CR , Aterm\u00a0WG2600HS\u00a0 and \u00a0Aterm\u00a0WX3000HP\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000030"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-629"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201604-0382

    Vulnerability from variot - Updated: 2023-12-18 12:20

    Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. NECAtermWG300HP is a wireless router product from NEC. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Aterm WG300HP is vulnerable; other versions may also be affected

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0382",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wg300hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aterm",
            "version": "1.0.8"
          },
          {
            "model": "aterm wg300hp",
            "scope": null,
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "wg300hp",
            "scope": null,
            "trust": 0.6,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "wg300hp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "aterm",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000036"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:aterm:wg300hp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:aterm:wg300hp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.0.8",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1167"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "85741"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-1167",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000036",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2016-01963",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-89986",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000036",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-1167",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000036",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-01963",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201603-429",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89986",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89986"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000036"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. NECAtermWG300HP is a wireless router product from NEC. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nAterm WG300HP is vulnerable; other versions may also be affected",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1167"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000036"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          },
          {
            "db": "BID",
            "id": "85741"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89986"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-1167",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN82020528",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000036",
            "trust": 3.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01963",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "85741",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-89986",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89986"
          },
          {
            "db": "BID",
            "id": "85741"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000036"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ]
      },
      "id": "VAR-201604-0382",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89986"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:35.260000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Aterm Security Advisory [Update:2016/04/06]",
            "trust": 0.8,
            "url": "http://www.aterm.jp/support/tech/2016/0330.html"
          },
          {
            "title": "NV16-005",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv16-005.html"
          },
          {
            "title": "NEC Aterm WG300HP Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60723"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000036"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89986"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000036"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1167"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://jvn.jp/en/jp/jvn82020528/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://jpn.nec.com/security-info/secinfo/nv16-005.html"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000036"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1167"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1167"
          },
          {
            "trust": 0.6,
            "url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000036.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89986"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000036"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89986"
          },
          {
            "db": "BID",
            "id": "85741"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000036"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1167"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          },
          {
            "date": "2016-04-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89986"
          },
          {
            "date": "2016-03-30T00:00:00",
            "db": "BID",
            "id": "85741"
          },
          {
            "date": "2016-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000036"
          },
          {
            "date": "2016-04-01T14:59:00.123000",
            "db": "NVD",
            "id": "CVE-2016-1167"
          },
          {
            "date": "2016-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-04-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          },
          {
            "date": "2016-04-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89986"
          },
          {
            "date": "2016-03-30T00:00:00",
            "db": "BID",
            "id": "85741"
          },
          {
            "date": "2016-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000036"
          },
          {
            "date": "2016-04-01T18:17:15.450000",
            "db": "NVD",
            "id": "CVE-2016-1167"
          },
          {
            "date": "2016-04-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NEC Aterm WG300HP Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201603-429"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202101-0875

    Vulnerability from variot - Updated: 2023-12-18 12:01

    Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Provided by NEC Corporation Aterm WF800HP , Aterm WG2600HP and Aterm WG2600HP2 There are multiple vulnerabilities in. Aterm WF800HP ・ Cross-site scripting (CWE-79) - CVE-2021-20620Aterm WG2600HP and Aterm WG2600HP2 ・ Inadequate access restrictions (CWE-284) - CVE-2017-12575 ・ Cross-site request forgery (CWE-352) - CVE-2021-20621 ・ Cross-site scripting (CWE-79) - CVE-2021-20622CVE-2021-20620 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Cyber Defense Institute, Inc. Nagaoka Satoru Mr CVE-2021-20621, CVE-2021-20622 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Cyber Defense Institute, Inc. Iwasaki Tokumei MrThe expected impact depends on each vulnerability, but it may be affected as follows. -Any script is executed on the web browser of the user who accessed the product. - CVE-2021-20620 ・ The setting information stored in the product may be stolen or changed by a remote third party. - CVE-2017-12575 -When a user logged in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2021-20621 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20622

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0875",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wg2600hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aterm",
            "version": "1.0.2"
          },
          {
            "model": "wg2600hp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "aterm",
            "version": "1.0.2"
          },
          {
            "model": "aterm wf800hp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": "firmware   all versions"
          },
          {
            "model": "aterm wg2600hp2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          },
          {
            "model": "aterm wg2600hp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u65e5\u672c\u96fb\u6c17",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20621"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:aterm:wg2600hp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.0.2",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:aterm:wg2600hp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:aterm:wg2600hp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.0.2",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:aterm:wg2600hp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20621"
          }
        ]
      },
      "cve": "CVE-2021-20621",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000006",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 1.6,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000006",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000006",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-20621",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000006",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 1.6,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000006",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000006",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2021-000006",
                "trust": 2.4,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-20621",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2021-000006",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2029",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-20621",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-20621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2029"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Provided by NEC Corporation Aterm WF800HP , Aterm WG2600HP and Aterm WG2600HP2 There are multiple vulnerabilities in. Aterm WF800HP \u30fb Cross-site scripting (CWE-79) - CVE-2021-20620Aterm WG2600HP and Aterm WG2600HP2 \u30fb Inadequate access restrictions (CWE-284) - CVE-2017-12575 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20621 \u30fb Cross-site scripting (CWE-79) - CVE-2021-20622CVE-2021-20620 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Cyber Defense Institute, Inc. Nagaoka Satoru Mr CVE-2021-20621, CVE-2021-20622 This vulnerability information is provided by the following persons based on Information Security Early Warning Partnership: IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Cyber Defense Institute, Inc. Iwasaki Tokumei MrThe expected impact depends on each vulnerability, but it may be affected as follows. -Any script is executed on the web browser of the user who accessed the product. - CVE-2021-20620 \u30fb The setting information stored in the product may be stolen or changed by a remote third party. - CVE-2017-12575 -When a user logged in to the product accesses a specially crafted page, he / she is forced to perform an unintended operation. - CVE-2021-20621 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20622",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20621"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN38248512",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20621",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2029",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20621",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-20621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2029"
          }
        ]
      },
      "id": "VAR-202101-0875",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6875
      },
      "last_update_date": "2023-12-18T12:01:27.013000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Aterm\u00a0 series \u00a0 Multiple vulnerabilities in Support information",
            "trust": 0.8,
            "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
          },
          {
            "title": "Aterm Repair measures for cross-site request forgery vulnerabilities in multiple products",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=139979"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2029"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site request forgery (CWE-352) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Authorization / authority / access control (CWE-264) [IPA Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20621"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://jpn.nec.com/security-info/secinfo/nv21-005.html"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/jp/jvn38248512/index.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.aterm.jp/support/tech/2019/0328.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn38248512/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000006.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20621"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195442"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-20621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2029"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2021-20621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2029"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-01-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-20621"
          },
          {
            "date": "2021-01-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "date": "2021-01-28T11:15:13.793000",
            "db": "NVD",
            "id": "CVE-2021-20621"
          },
          {
            "date": "2021-01-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2029"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-02-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-20621"
          },
          {
            "date": "2021-02-03T03:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          },
          {
            "date": "2021-02-01T18:22:05.780000",
            "db": "NVD",
            "id": "CVE-2021-20621"
          },
          {
            "date": "2021-02-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2029"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2029"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Aterm\u00a0WF800HP , Aterm\u00a0WG2600HP\u00a0 and \u00a0Aterm\u00a0WG2600HP2\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2029"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201808-0125

    Vulnerability from variot - Updated: 2023-12-18 12:01

    An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET"). NEC Aterm WG2600HP2 Contains an access control vulnerability.Information may be obtained. The WG2600HP2 is a router product from NEC. A security vulnerability exists in NEC Aterm WG2600HP2 version 1.0.2

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0125",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wg2600hp2",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "aterm",
            "version": "1.0.2"
          },
          {
            "model": "wg2600hp2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec platforms",
            "version": "1.0.2"
          },
          {
            "model": "aterm wg2600hp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nec",
            "version": "1.0.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-15843"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-175"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:aterm:wg2600hp2_firmware:1.0.2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:aterm:wg2600hp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-12575"
          }
        ]
      },
      "cve": "CVE-2017-12575",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-12575",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-15843",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-103111",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-12575",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-12575",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-15843",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-175",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-103111",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-15843"
          },
          {
            "db": "VULHUB",
            "id": "VHN-103111"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-175"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don\u0027t require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d \"REQ_ID=SUPPORT_IF_GET\"). NEC Aterm WG2600HP2 Contains an access control vulnerability.Information may be obtained. The WG2600HP2 is a router product from NEC. A security vulnerability exists in NEC Aterm WG2600HP2 version 1.0.2",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-12575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-15843"
          },
          {
            "db": "VULHUB",
            "id": "VHN-103111"
          }
        ],
        "trust": 2.25
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-103111",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-103111"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-12575",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN38248512",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014241",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-175",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-15843",
            "trust": 0.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000006",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "149061",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-103111",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-15843"
          },
          {
            "db": "VULHUB",
            "id": "VHN-103111"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-175"
          }
        ]
      },
      "id": "VAR-201808-0125",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-15843"
          },
          {
            "db": "VULHUB",
            "id": "VHN-103111"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-15843"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:01:26.969000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Aterm WG2600HP2",
            "trust": 0.8,
            "url": "http://www.aterm.jp/product/atermstation/product/warpstar/wg2600hp2/index.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-103111"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12575"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://seclists.org/fulldisclosure/2018/aug/26"
          },
          {
            "trust": 1.7,
            "url": "http://jvn.jp/en/jp/jvn38248512/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12575"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12575"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000006.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-15843"
          },
          {
            "db": "VULHUB",
            "id": "VHN-103111"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-175"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-15843"
          },
          {
            "db": "VULHUB",
            "id": "VHN-103111"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-175"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-15843"
          },
          {
            "date": "2018-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-103111"
          },
          {
            "date": "2018-11-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          },
          {
            "date": "2018-08-24T19:29:00.800000",
            "db": "NVD",
            "id": "CVE-2017-12575"
          },
          {
            "date": "2017-08-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-175"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-15843"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-103111"
          },
          {
            "date": "2018-11-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          },
          {
            "date": "2021-01-26T18:15:24.223000",
            "db": "NVD",
            "id": "CVE-2017-12575"
          },
          {
            "date": "2021-01-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-175"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-175"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NEC Aterm WG2600HP2 Access control vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-014241"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-175"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2016-1168 (GCVE-0-2016-1168)

    Vulnerability from nvd – Published: 2016-04-01 14:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN07818796/index.html third-party-advisoryx_refsource_JVN
    http://jpn.nec.com/security-info/secinfo/nv16-004.html x_refsource_CONFIRM
    Date Public
    2016-03-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2016-000035",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
              },
              {
                "name": "JVN#07818796",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN07818796/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-01T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVNDB-2016-000035",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
            },
            {
              "name": "JVN#07818796",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN07818796/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1168",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2016-000035",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
                },
                {
                  "name": "JVN#07818796",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN07818796/index.html"
                },
                {
                  "name": "http://jpn.nec.com/security-info/secinfo/nv16-004.html",
                  "refsource": "CONFIRM",
                  "url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1168",
        "datePublished": "2016-04-01T14:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.404Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1167 (GCVE-0-2016-1167)

    Vulnerability from nvd – Published: 2016-04-01 14:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN82020528/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000036 third-party-advisoryx_refsource_JVNDB
    http://jpn.nec.com/security-info/secinfo/nv16-005.html x_refsource_CONFIRM
    Date Public
    2016-03-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#82020528",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN82020528/index.html"
              },
              {
                "name": "JVNDB-2016-000036",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000036"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jpn.nec.com/security-info/secinfo/nv16-005.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-01T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#82020528",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN82020528/index.html"
            },
            {
              "name": "JVNDB-2016-000036",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000036"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jpn.nec.com/security-info/secinfo/nv16-005.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1167",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#82020528",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN82020528/index.html"
                },
                {
                  "name": "JVNDB-2016-000036",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000036"
                },
                {
                  "name": "http://jpn.nec.com/security-info/secinfo/nv16-005.html",
                  "refsource": "CONFIRM",
                  "url": "http://jpn.nec.com/security-info/secinfo/nv16-005.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1167",
        "datePublished": "2016-04-01T14:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1142 (GCVE-0-2008-1142)

    Vulnerability from nvd – Published: 2008-04-07 17:00 – Updated: 2024-08-07 08:08
    VLAI
    Summary
    rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://article.gmane.org/gmane.comp.security.oss.… x_refsource_MISC
    http://secunia.com/advisories/30226 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/28512 vdb-entryx_refsource_BID
    http://secunia.com/advisories/30229 third-party-advisoryx_refsource_SECUNIA
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296 x_refsource_CONFIRM
    http://secunia.com/advisories/31687 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30225 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30227 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200805-03.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/30224 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/29576 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:08:57.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SR:2008:017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
              },
              {
                "name": "30226",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30226"
              },
              {
                "name": "28512",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28512"
              },
              {
                "name": "30229",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30229"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
              },
              {
                "name": "31687",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31687"
              },
              {
                "name": "30225",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30225"
              },
              {
                "name": "30227",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30227"
              },
              {
                "name": "GLSA-200805-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
              },
              {
                "name": "30224",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30224"
              },
              {
                "name": "MDVSA-2008:161",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
              },
              {
                "name": "MDVSA-2008:221",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
              },
              {
                "name": "29576",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29576"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-05-13T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SR:2008:017",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
            },
            {
              "name": "30226",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30226"
            },
            {
              "name": "28512",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28512"
            },
            {
              "name": "30229",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30229"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
            },
            {
              "name": "31687",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31687"
            },
            {
              "name": "30225",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30225"
            },
            {
              "name": "30227",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30227"
            },
            {
              "name": "GLSA-200805-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
            },
            {
              "name": "30224",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30224"
            },
            {
              "name": "MDVSA-2008:161",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
            },
            {
              "name": "MDVSA-2008:221",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
            },
            {
              "name": "29576",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29576"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1142",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SR:2008:017",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
                },
                {
                  "name": "http://article.gmane.org/gmane.comp.security.oss.general/122",
                  "refsource": "MISC",
                  "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
                },
                {
                  "name": "30226",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30226"
                },
                {
                  "name": "28512",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28512"
                },
                {
                  "name": "30229",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30229"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
                },
                {
                  "name": "31687",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31687"
                },
                {
                  "name": "30225",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30225"
                },
                {
                  "name": "30227",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30227"
                },
                {
                  "name": "GLSA-200805-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
                },
                {
                  "name": "30224",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30224"
                },
                {
                  "name": "MDVSA-2008:161",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
                },
                {
                  "name": "MDVSA-2008:221",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
                },
                {
                  "name": "29576",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29576"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1142",
        "datePublished": "2008-04-07T17:00:00.000Z",
        "dateReserved": "2008-03-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:08:57.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0067 (GCVE-0-2003-0067)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=104612710031920&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.iss.net/security_center/static/11414.php vdb-entryx_refsource_XF
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    Date Public
    2003-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:34.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20030224 Terminal Emulator Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
              },
              {
                "name": "terminal-emulator-window-title(11414)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/11414.php"
              },
              {
                "name": "20030224 Terminal Emulator Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-02T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
            },
            {
              "name": "terminal-emulator-window-title(11414)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/11414.php"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0067",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20030224 Terminal Emulator Security Issues",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
                },
                {
                  "name": "terminal-emulator-window-title(11414)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/11414.php"
                },
                {
                  "name": "20030224 Terminal Emulator Security Issues",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0067",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2003-02-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:34.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0024 (GCVE-0-2003-0024)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/6949 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=104612710031920&w=2 mailing-listx_refsource_BUGTRAQ
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    http://www.iss.net/security_center/static/11416.php vdb-entryx_refsource_XF
    Date Public
    2003-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "6949",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6949"
              },
              {
                "name": "20030224 Terminal Emulator Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
              },
              {
                "name": "20030224 Terminal Emulator Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
              },
              {
                "name": "terminal-emulator-menu-modification(11416)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/11416.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-02T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "6949",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6949"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
            },
            {
              "name": "terminal-emulator-menu-modification(11416)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/11416.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "6949",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6949"
                },
                {
                  "name": "20030224 Terminal Emulator Security Issues",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
                },
                {
                  "name": "20030224 Terminal Emulator Security Issues",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
                },
                {
                  "name": "terminal-emulator-menu-modification(11416)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/11416.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0024",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2003-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1168 (GCVE-0-2016-1168)

    Vulnerability from cvelistv5 – Published: 2016-04-01 14:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN07818796/index.html third-party-advisoryx_refsource_JVN
    http://jpn.nec.com/security-info/secinfo/nv16-004.html x_refsource_CONFIRM
    Date Public
    2016-03-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2016-000035",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
              },
              {
                "name": "JVN#07818796",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN07818796/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-01T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVNDB-2016-000035",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
            },
            {
              "name": "JVN#07818796",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN07818796/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1168",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2016-000035",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
                },
                {
                  "name": "JVN#07818796",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN07818796/index.html"
                },
                {
                  "name": "http://jpn.nec.com/security-info/secinfo/nv16-004.html",
                  "refsource": "CONFIRM",
                  "url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1168",
        "datePublished": "2016-04-01T14:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.404Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1167 (GCVE-0-2016-1167)

    Vulnerability from cvelistv5 – Published: 2016-04-01 14:00 – Updated: 2024-08-05 22:48
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN82020528/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2016-000036 third-party-advisoryx_refsource_JVNDB
    http://jpn.nec.com/security-info/secinfo/nv16-005.html x_refsource_CONFIRM
    Date Public
    2016-03-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:48:13.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#82020528",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN82020528/index.html"
              },
              {
                "name": "JVNDB-2016-000036",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000036"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://jpn.nec.com/security-info/secinfo/nv16-005.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-04-01T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#82020528",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN82020528/index.html"
            },
            {
              "name": "JVNDB-2016-000036",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000036"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://jpn.nec.com/security-info/secinfo/nv16-005.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-1167",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#82020528",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN82020528/index.html"
                },
                {
                  "name": "JVNDB-2016-000036",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000036"
                },
                {
                  "name": "http://jpn.nec.com/security-info/secinfo/nv16-005.html",
                  "refsource": "CONFIRM",
                  "url": "http://jpn.nec.com/security-info/secinfo/nv16-005.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-1167",
        "datePublished": "2016-04-01T14:00:00.000Z",
        "dateReserved": "2015-12-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T22:48:13.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1142 (GCVE-0-2008-1142)

    Vulnerability from cvelistv5 – Published: 2008-04-07 17:00 – Updated: 2024-08-07 08:08
    VLAI
    Summary
    rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://article.gmane.org/gmane.comp.security.oss.… x_refsource_MISC
    http://secunia.com/advisories/30226 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/28512 vdb-entryx_refsource_BID
    http://secunia.com/advisories/30229 third-party-advisoryx_refsource_SECUNIA
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296 x_refsource_CONFIRM
    http://secunia.com/advisories/31687 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30225 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/30227 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200805-03.xml vendor-advisoryx_refsource_GENTOO
    http://secunia.com/advisories/30224 third-party-advisoryx_refsource_SECUNIA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/29576 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2008-03-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:08:57.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SR:2008:017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
              },
              {
                "name": "30226",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30226"
              },
              {
                "name": "28512",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28512"
              },
              {
                "name": "30229",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30229"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
              },
              {
                "name": "31687",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31687"
              },
              {
                "name": "30225",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30225"
              },
              {
                "name": "30227",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30227"
              },
              {
                "name": "GLSA-200805-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
              },
              {
                "name": "30224",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30224"
              },
              {
                "name": "MDVSA-2008:161",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
              },
              {
                "name": "MDVSA-2008:221",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
              },
              {
                "name": "29576",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29576"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-05-13T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SR:2008:017",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
            },
            {
              "name": "30226",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30226"
            },
            {
              "name": "28512",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28512"
            },
            {
              "name": "30229",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30229"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
            },
            {
              "name": "31687",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31687"
            },
            {
              "name": "30225",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30225"
            },
            {
              "name": "30227",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30227"
            },
            {
              "name": "GLSA-200805-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
            },
            {
              "name": "30224",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30224"
            },
            {
              "name": "MDVSA-2008:161",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
            },
            {
              "name": "MDVSA-2008:221",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
            },
            {
              "name": "29576",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29576"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1142",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SR:2008:017",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
                },
                {
                  "name": "http://article.gmane.org/gmane.comp.security.oss.general/122",
                  "refsource": "MISC",
                  "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
                },
                {
                  "name": "30226",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30226"
                },
                {
                  "name": "28512",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28512"
                },
                {
                  "name": "30229",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30229"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
                },
                {
                  "name": "31687",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31687"
                },
                {
                  "name": "30225",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30225"
                },
                {
                  "name": "30227",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30227"
                },
                {
                  "name": "GLSA-200805-03",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
                },
                {
                  "name": "30224",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30224"
                },
                {
                  "name": "MDVSA-2008:161",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
                },
                {
                  "name": "MDVSA-2008:221",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
                },
                {
                  "name": "29576",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29576"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1142",
        "datePublished": "2008-04-07T17:00:00.000Z",
        "dateReserved": "2008-03-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:08:57.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0067 (GCVE-0-2003-0067)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=104612710031920&w=2 mailing-listx_refsource_BUGTRAQ
    http://www.iss.net/security_center/static/11414.php vdb-entryx_refsource_XF
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    Date Public
    2003-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:34.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20030224 Terminal Emulator Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
              },
              {
                "name": "terminal-emulator-window-title(11414)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/11414.php"
              },
              {
                "name": "20030224 Terminal Emulator Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-02T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
            },
            {
              "name": "terminal-emulator-window-title(11414)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/11414.php"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0067",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20030224 Terminal Emulator Security Issues",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
                },
                {
                  "name": "terminal-emulator-window-title(11414)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/11414.php"
                },
                {
                  "name": "20030224 Terminal Emulator Security Issues",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0067",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2003-02-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:34.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0024 (GCVE-0-2003-0024)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/6949 vdb-entryx_refsource_BID
    http://marc.info/?l=bugtraq&m=104612710031920&w=2 mailing-listx_refsource_BUGTRAQ
    http://archives.neohapsis.com/archives/vulnwatch/… mailing-listx_refsource_VULNWATCH
    http://www.iss.net/security_center/static/11416.php vdb-entryx_refsource_XF
    Date Public
    2003-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "6949",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6949"
              },
              {
                "name": "20030224 Terminal Emulator Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
              },
              {
                "name": "20030224 Terminal Emulator Security Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
              },
              {
                "name": "terminal-emulator-menu-modification(11416)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/11416.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-02T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "6949",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6949"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "tags": [
                "mailing-list",
                "x_refsource_VULNWATCH"
              ],
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
            },
            {
              "name": "terminal-emulator-menu-modification(11416)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/11416.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0024",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "6949",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6949"
                },
                {
                  "name": "20030224 Terminal Emulator Security Issues",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
                },
                {
                  "name": "20030224 Terminal Emulator Security Issues",
                  "refsource": "VULNWATCH",
                  "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
                },
                {
                  "name": "terminal-emulator-menu-modification(11416)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/11416.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0024",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2003-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }