CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20710
https://notcve.org/view.php?id=CVE-2021-20710
26 Apr 2021 — Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo Cross-site scripting en el Aterm WG2600HS versiones de firmware Ver1.5.1 y anteriores, permite a atacantes remotos inyectar una script arbitraria por medio de vectores no especificados • https://jpn.nec.com/security-info/secinfo/nv21-010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20621
https://notcve.org/view.php?id=CVE-2021-20621
28 Jan 2021 — Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Vulnerabilidad de tipo Cross-site request forgery (CSRF) en Aterm WG2600HP firmware versiones 1.0.2 y anteriores, y Aterm WG2600HP2 firmware versiones 1.0.2 y anteriores, permite a atacantes remotos secuestrar la autenticación de administradores por medio de vectores n... • https://jpn.nec.com/security-info/secinfo/nv21-005.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20622
https://notcve.org/view.php?id=CVE-2021-20622
28 Jan 2021 — Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. Vulnerabilidad de tipo Cross-site scripting en Aterm WG2600HP firmware versiones 1.0.2 y anteriores, y Aterm WG2600HP2 firmware versiones 1.0.2 y anteriores, permite a atacantes remotos inyectar un script arbitrario por medio de vectores no especificados • https://jpn.nec.com/security-info/secinfo/nv21-005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20620
https://notcve.org/view.php?id=CVE-2021-20620
28 Jan 2021 — Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo Cross-site scripting en el firmware Aterm WF800HP versiones 1.0.9 y anteriores permite a atacantes remotos inyectar un script arbitrario por medio de vectores no especificados • https://jpn.nec.com/security-info/secinfo/nv21-005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12575 – NEC Aterm WG2600HP2 Information Disclosure
https://notcve.org/view.php?id=CVE-2017-12575
23 Aug 2018 — An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET"). Se ha descubierto un error en NEC Aterm WG2600HP2 1.0.2. • https://packetstorm.news/files/id/149061 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1167
https://notcve.org/view.php?id=CVE-2016-1167
01 Apr 2016 — Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en dispositivos NEC Aterm WG300HP permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://jpn.nec.com/security-info/secinfo/nv16-005.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1168
https://notcve.org/view.php?id=CVE-2016-1168
01 Apr 2016 — Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en dispositivos NEC Aterm WF800HP con firmware 1.0.17 y versiones anteriores permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://jpn.nec.com/security-info/secinfo/nv16-004.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 94%CPEs: 62EXPL: 2CVE-2014-8361 – Realtek SDK Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2014-8361
24 Apr 2015 — The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific... • https://packetstorm.news/files/id/132090 •
CVSS: 9.1EPSS: 0%CPEs: 118EXPL: 0CVE-2008-1142
https://notcve.org/view.php?id=CVE-2008-1142
07 Apr 2008 — rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. Rxvt versión 2.6.4 abre una ventana terminal en :0 si no se establece la variable de entorno DISPLAY, lo que podría permitir a los usuarios locales secuestrar conexion... • http://article.gmane.org/gmane.comp.security.oss.general/122 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0067
https://notcve.org/view.php?id=CVE-2003-0067
18 Mar 2003 — The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html •