CVE-2023-3332
Severity Score
4.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to
execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.
*Credits:
Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-20 CVE Reserved
- 2023-06-28 CVE Published
- 2024-07-30 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nec Search vendor "Nec" | Aterm Wf300hp Firmware Search vendor "Nec" for product "Aterm Wf300hp Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wf300hp Search vendor "Nec" for product "Aterm Wf300hp" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wg1400hp Firmware Search vendor "Nec" for product "Aterm Wg1400hp Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wg1400hp Search vendor "Nec" for product "Aterm Wg1400hp" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wg1800hp Firmware Search vendor "Nec" for product "Aterm Wg1800hp Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wg1800hp Search vendor "Nec" for product "Aterm Wg1800hp" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wg1800hp2 Firmware Search vendor "Nec" for product "Aterm Wg1800hp2 Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wg1800hp2 Search vendor "Nec" for product "Aterm Wg1800hp2" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wg2200hp Firmware Search vendor "Nec" for product "Aterm Wg2200hp Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wg2200hp Search vendor "Nec" for product "Aterm Wg2200hp" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wg2600hp Firmware Search vendor "Nec" for product "Aterm Wg2600hp Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wg2600hp Search vendor "Nec" for product "Aterm Wg2600hp" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wg2600hp2 Firmware Search vendor "Nec" for product "Aterm Wg2600hp2 Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wg2600hp2 Search vendor "Nec" for product "Aterm Wg2600hp2" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wg300hp Firmware Search vendor "Nec" for product "Aterm Wg300hp Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wg300hp Search vendor "Nec" for product "Aterm Wg300hp" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wg600hp Firmware Search vendor "Nec" for product "Aterm Wg600hp Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wg600hp Search vendor "Nec" for product "Aterm Wg600hp" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wr8600n Firmware Search vendor "Nec" for product "Aterm Wr8600n Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wr8600n Search vendor "Nec" for product "Aterm Wr8600n" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wr8700n Firmware Search vendor "Nec" for product "Aterm Wr8700n Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wr8700n Search vendor "Nec" for product "Aterm Wr8700n" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wr8750n Firmware Search vendor "Nec" for product "Aterm Wr8750n Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wr8750n Search vendor "Nec" for product "Aterm Wr8750n" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wr9300n Firmware Search vendor "Nec" for product "Aterm Wr9300n Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wr9300n Search vendor "Nec" for product "Aterm Wr9300n" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wr9500n Firmware Search vendor "Nec" for product "Aterm Wr9500n Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wr9500n Search vendor "Nec" for product "Aterm Wr9500n" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wr8170n Firmware Search vendor "Nec" for product "Aterm Wr8170n Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wr8170n Search vendor "Nec" for product "Aterm Wr8170n" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wr8175n Firmware Search vendor "Nec" for product "Aterm Wr8175n Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wr8175n Search vendor "Nec" for product "Aterm Wr8175n" | - | - |
Safe
|
| Nec Search vendor "Nec" | Aterm Wr8370n Firmware Search vendor "Nec" for product "Aterm Wr8370n Firmware" | - | - |
Affected
| in | Nec Search vendor "Nec" | Aterm Wr8370n Search vendor "Nec" for product "Aterm Wr8370n" | - | - |
Safe
|