CVE-2023-3333

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-3333
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html Broken Link
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*
History

05 Jul 2023, 19:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.2
References (MISC) https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html - (MISC) https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html - Broken Link
CWE CWE-78
First Time Nec aterm Wr8700n Firmware
Nec aterm Wr8170n Firmware
Nec aterm Wg1800hp2
Nec aterm Wg2600hp2 Firmware
Nec aterm Wg300hp Firmware
Nec aterm Wr8175n
Nec aterm Wr9500n
Nec aterm Wr9300n Firmware
Nec aterm Wr8750n
Nec aterm Wg300hp
Nec aterm Wg2200hp
Nec aterm Wg2600hp Firmware
Nec aterm Wg1400hp
Nec aterm Wf300hp
Nec aterm Wr8170n
Nec aterm Wg2200hp Firmware
Nec aterm Wg1800hp
Nec aterm Wr8600n
Nec aterm Wr8700n
Nec aterm Wg2600hp2
Nec aterm Wg600hp Firmware
Nec aterm Wr8600n Firmware
Nec aterm Wr9500n Firmware
Nec aterm Wf300hp Firmware
Nec aterm Wg1400hp Firmware
Nec aterm Wr8175n Firmware
Nec aterm Wg2600hp
Nec aterm Wr8750n Firmware
Nec aterm Wr9300n
Nec aterm Wr8370n Firmware
Nec aterm Wg1800hp2 Firmware
Nec aterm Wg1800hp Firmware
Nec
Nec aterm Wg600hp
Nec aterm Wr8370n
CPE cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp2:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2600hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2600hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*

03 Jul 2023, 03:15

Type Values Removed Values Added
Summary Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

28 Jun 2023, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-28 02:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-3333

Mitre link : CVE-2023-3333

CVE.ORG link : CVE-2023-3333

JSON object : View

Products Affected

nec

  • aterm_wg2200hp_firmware
  • aterm_wg2600hp2
  • aterm_wr8175n_firmware
  • aterm_wr8700n_firmware
  • aterm_wg1800hp2
  • aterm_wr8170n_firmware
  • aterm_wr9500n_firmware
  • aterm_wr8600n_firmware
  • aterm_wg2600hp2_firmware
  • aterm_wg2600hp
  • aterm_wr9300n
  • aterm_wg300hp
  • aterm_wg1800hp
  • aterm_wr8175n
  • aterm_wr9500n
  • aterm_wg300hp_firmware
  • aterm_wg600hp
  • aterm_wr8370n
  • aterm_wg1800hp2_firmware
  • aterm_wf300hp
  • aterm_wr8750n
  • aterm_wr9300n_firmware
  • aterm_wr8600n
  • aterm_wg1400hp_firmware
  • aterm_wr8750n_firmware
  • aterm_wr8370n_firmware
  • aterm_wf300hp_firmware
  • aterm_wg600hp_firmware
  • aterm_wg1400hp
  • aterm_wr8170n
  • aterm_wg1800hp_firmware
  • aterm_wr8700n
  • aterm_wg2200hp
  • aterm_wg2600hp_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024