CVE-2023-3330

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*

History

28 Aug 2023, 01:15

Type Values Removed Values Added
References
  • {'url': 'https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html', 'name': 'https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html', 'tags': ['Broken Link'], 'refsource': 'MISC'}
  • (MISC) https://jpn.nec.com/security-info/secinfo/nv23-007_en.html -

05 Jul 2023, 18:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
References (MISC) https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html - (MISC) https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html - Broken Link
First Time Nec aterm Wr8700n Firmware
Nec aterm Wr8170n Firmware
Nec aterm Wg1800hp2
Nec aterm Wg2600hp2 Firmware
Nec aterm Wg300hp Firmware
Nec aterm Wr8175n
Nec aterm Wr9500n
Nec aterm Wr9300n Firmware
Nec aterm Wr8750n
Nec aterm Wg300hp
Nec aterm Wg2200hp
Nec aterm Wg2600hp Firmware
Nec aterm Wg1400hp
Nec aterm Wf300hp
Nec aterm Wr8170n
Nec aterm Wg2200hp Firmware
Nec aterm Wg1800hp
Nec aterm Wr8600n
Nec aterm Wr8700n
Nec aterm Wg2600hp2
Nec aterm Wg600hp Firmware
Nec aterm Wr8600n Firmware
Nec aterm Wr9500n Firmware
Nec aterm Wf300hp Firmware
Nec aterm Wg1400hp Firmware
Nec aterm Wr8175n Firmware
Nec aterm Wg2600hp
Nec aterm Wr8750n Firmware
Nec aterm Wr9300n
Nec aterm Wr8370n Firmware
Nec aterm Wg1800hp2 Firmware
Nec aterm Wg1800hp Firmware
Nec
Nec aterm Wg600hp
Nec aterm Wr8370n
CWE CWE-22
CPE cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*

03 Jul 2023, 03:15

Type Values Removed Values Added
Summary Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to obtain specific files in the product . Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.

28 Jun 2023, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-28 02:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-3330

Mitre link : CVE-2023-3330

CVE.ORG link : CVE-2023-3330


JSON object : View

Products Affected

nec

  • aterm_wg2200hp_firmware
  • aterm_wg2600hp2
  • aterm_wr8175n_firmware
  • aterm_wr8700n_firmware
  • aterm_wg1800hp2
  • aterm_wr8170n_firmware
  • aterm_wr9500n_firmware
  • aterm_wr8600n_firmware
  • aterm_wg2600hp2_firmware
  • aterm_wg2600hp
  • aterm_wr9300n
  • aterm_wg300hp
  • aterm_wg1800hp
  • aterm_wr8175n
  • aterm_wr9500n
  • aterm_wg300hp_firmware
  • aterm_wg600hp
  • aterm_wr8370n
  • aterm_wg1800hp2_firmware
  • aterm_wf300hp
  • aterm_wr8750n
  • aterm_wr9300n_firmware
  • aterm_wr8600n
  • aterm_wg1400hp_firmware
  • aterm_wr8750n_firmware
  • aterm_wr8370n_firmware
  • aterm_wf300hp_firmware
  • aterm_wg600hp_firmware
  • aterm_wg1400hp
  • aterm_wr8170n
  • aterm_wg1800hp_firmware
  • aterm_wr8700n
  • aterm_wg2200hp
  • aterm_wg2600hp_firmware
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')