JVN#38343415
Multiple vulnerabilities in Aterm series
Overview
Aterm series provided by NEC Corporation contain multiple vulnerabilities.
Products Affected
All versions of the following Aterm series products are affected by the vulnerabilities.
- WG2600HP2
- WG2600HP
- WG2200HP
- WG1800HP2
- WG1800HP
- WG1400HP
- WG600HP
- WG300HP
- WF300HP
- WR9500N
- WR9300N
- WR8750N
- WR8700N
- WR8600N
- WR8370N
- WR8175N
- WR8170N
Description
Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below.
- Directory traversal (CWE-22) - CVE-2023-3330
  CVSS v3 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 2.6
  CVSS v2 AV:A/AC:M/Au:S/C:P/I:N/A:N Base Score: 2.3
- Directory traversal (CWE-22) - CVE-2023-3331
  CVSS v3 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 2.6
  CVSS v2 AV:A/AC:M/Au:S/C:N/I:P/A:N Base Score: 2.3
- Stored cross-site scripting (CWE-79) - CVE-2023-3332
  CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Base Score: 4.3
  CVSS v2 AV:A/AC:M/Au:S/C:N/I:P/A:N Base Score: 2.3
- OS command injection (CWE-78) - CVE-2023-3333
  CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
  CVSS v2 AV:A/AC:L/Au:S/C:C/I:C/A:C Base Score: 7.7
Impact
- An authenticated attacker may obtain specific files in the product - CVE-2023-3330
- An authenticated attacker may delete specific files in the product - CVE-2023-3331
- After obtaining high privileges by exploiting the CVE-2023-3330 and CVE-2023-3331 vulnerabilities, the attacker may execute an arbitrary script - CVE-2023-3332
- After obtaining high privileges by exploiting the CVE-2023-3330 and CVE-2023-3331 vulnerabilities, the attacker may execute an arbitrary OS command with root privileges - CVE-2023-3333
Solution
Stop using the products
The affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.
Apply a workaround
The developer states that there is no plan to provide firmware updates for the affected products, and therefore recommends that users apply workarounds to mitigate the impact of the vulnerabilities before switching to alternatives.
For details, refer to the information provided by the developer.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
- CVE: CVE-2023-3330, CVE-2023-3331, CVE-2023-3332, CVE-2023-3333
- JVN iPedia: JVNDB-2023-000066
Update History
- 2023/07/07: Updated [Title], [Overview], [Products Affected], [Description], and [Solution] sections as multiple products were found to be affected.