CVE-2023-3332

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-3332
Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to  execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

4.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html Broken Link
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*
History

05 Jul 2023, 19:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.8
First Time Nec
Nec aterm Wr8370n
Nec aterm Wg2600hp2
Nec aterm Wr8750n
Nec aterm Wg1800hp Firmware
Nec aterm Wg600hp Firmware
Nec aterm Wf300hp Firmware
Nec aterm Wg2200hp
Nec aterm Wr9300n Firmware
Nec aterm Wg2600hp2 Firmware
Nec aterm Wr8170n Firmware
Nec aterm Wr8170n
Nec aterm Wr8175n Firmware
Nec aterm Wr9500n
Nec aterm Wr8600n
Nec aterm Wg2600hp Firmware
Nec aterm Wf300hp
Nec aterm Wr9500n Firmware
Nec aterm Wg1400hp Firmware
Nec aterm Wg2600hp
Nec aterm Wr8700n Firmware
Nec aterm Wg300hp
Nec aterm Wg1800hp2
Nec aterm Wr8600n Firmware
Nec aterm Wg300hp Firmware
Nec aterm Wg2200hp Firmware
Nec aterm Wr8700n
Nec aterm Wg1400hp
Nec aterm Wr9300n
Nec aterm Wr8370n Firmware
Nec aterm Wg1800hp
Nec aterm Wr8175n
Nec aterm Wg600hp
Nec aterm Wr8750n Firmware
Nec aterm Wg1800hp2 Firmware
CPE cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
CWE CWE-79
References (MISC) https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html - (MISC) https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html - Broken Link

03 Jul 2023, 03:15

Type Values Removed Values Added
Summary Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to  execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

28 Jun 2023, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-28 02:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-3332

Mitre link : CVE-2023-3332

CVE.ORG link : CVE-2023-3332

JSON object : View

Products Affected

nec

  • aterm_wg2600hp_firmware
  • aterm_wr8600n
  • aterm_wg600hp_firmware
  • aterm_wg2200hp
  • aterm_wr8170n
  • aterm_wg300hp
  • aterm_wr8370n_firmware
  • aterm_wr8750n_firmware
  • aterm_wr9500n
  • aterm_wr8750n
  • aterm_wg1800hp2
  • aterm_wg1400hp
  • aterm_wg1800hp2_firmware
  • aterm_wg300hp_firmware
  • aterm_wg2200hp_firmware
  • aterm_wf300hp
  • aterm_wr8700n_firmware
  • aterm_wr9500n_firmware
  • aterm_wg2600hp2
  • aterm_wg600hp
  • aterm_wf300hp_firmware
  • aterm_wr9300n
  • aterm_wg2600hp
  • aterm_wg2600hp2_firmware
  • aterm_wr9300n_firmware
  • aterm_wr8175n
  • aterm_wr8700n
  • aterm_wg1800hp_firmware
  • aterm_wg1400hp_firmware
  • aterm_wr8175n_firmware
  • aterm_wr8370n
  • aterm_wr8600n_firmware
  • aterm_wr8170n_firmware
  • aterm_wg1800hp
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')