CVE-2023-3332

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to  execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*

History

05 Jul 2023, 19:19

Type Values Removed Values Added
CWE CWE-79
References (MISC) https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html - (MISC) https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html - Broken Link
First Time Nec aterm Wr8700n Firmware
Nec aterm Wr8170n Firmware
Nec aterm Wg1800hp2
Nec aterm Wg2600hp2 Firmware
Nec aterm Wg300hp Firmware
Nec aterm Wr8175n
Nec aterm Wr9500n
Nec aterm Wr9300n Firmware
Nec aterm Wr8750n
Nec aterm Wg300hp
Nec aterm Wg2200hp
Nec aterm Wg2600hp Firmware
Nec aterm Wg1400hp
Nec aterm Wf300hp
Nec aterm Wr8170n
Nec aterm Wg2200hp Firmware
Nec aterm Wg1800hp
Nec aterm Wr8600n
Nec aterm Wr8700n
Nec aterm Wg2600hp2
Nec aterm Wg600hp Firmware
Nec aterm Wr8600n Firmware
Nec aterm Wr9500n Firmware
Nec aterm Wf300hp Firmware
Nec aterm Wg1400hp Firmware
Nec aterm Wr8175n Firmware
Nec aterm Wg2600hp
Nec aterm Wr8750n Firmware
Nec aterm Wr9300n
Nec aterm Wr8370n Firmware
Nec aterm Wg1800hp2 Firmware
Nec aterm Wg1800hp Firmware
Nec
Nec aterm Wg600hp
Nec aterm Wr8370n
CPE cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8

03 Jul 2023, 03:15

Type Values Removed Values Added
Summary Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to  execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

28 Jun 2023, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-28 02:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-3332

Mitre link : CVE-2023-3332

CVE.ORG link : CVE-2023-3332


JSON object : View

Products Affected

nec

  • aterm_wg2200hp_firmware
  • aterm_wg2600hp2
  • aterm_wr8175n_firmware
  • aterm_wr8700n_firmware
  • aterm_wg1800hp2
  • aterm_wr8170n_firmware
  • aterm_wr9500n_firmware
  • aterm_wr8600n_firmware
  • aterm_wg2600hp2_firmware
  • aterm_wg2600hp
  • aterm_wr9300n
  • aterm_wg300hp
  • aterm_wg1800hp
  • aterm_wr8175n
  • aterm_wr9500n
  • aterm_wg300hp_firmware
  • aterm_wg600hp
  • aterm_wr8370n
  • aterm_wg1800hp2_firmware
  • aterm_wf300hp
  • aterm_wr8750n
  • aterm_wr9300n_firmware
  • aterm_wr8600n
  • aterm_wg1400hp_firmware
  • aterm_wr8750n_firmware
  • aterm_wr8370n_firmware
  • aterm_wf300hp_firmware
  • aterm_wg600hp_firmware
  • aterm_wg1400hp
  • aterm_wr8170n
  • aterm_wg1800hp_firmware
  • aterm_wr8700n
  • aterm_wg2200hp
  • aterm_wg2600hp_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')