[Japanese]

JVNDB-2021-000030

Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP

Overview

Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below.

Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS
*OS Command Injection (CWE-78) - CVE-2021-20708
*Improper Validation of Integrity Check Value (CWE-354) - CVE-2021-20709
Aterm WG2600HS
*Cross-site Scripting (CWE-79) - CVE-2021-20710
*OS Command Injection (CWE-78) - CVE-2021-20711
Aterm WG2600HS, and WX3000HP
*Improper Access Control (CWE-284) - CVE-2021-20712

CVE-2021-20708 and CVE-2021-20709
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20710 and CVE-2021-20711
Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20712
Yoshimitsu Kato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.8 (High) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 8.3 (High) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2021-20711


CVSS V3 Severity:
Base Metrics: 6.8 (Medium) [IPA Score]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 5.2 (Medium) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2021-20708


CVSS V3 Severity:
Base Metrics: 6.8 (Medium) [IPA Score]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 5.2 (Medium) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2021-20709


CVSS V3 Severity:
Base Metrics: 6.1 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20710


CVSS V3 Severity:
Base Metrics: 5.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20712
Affected Products


NEC Corporation
  • Aterm WF1200CR firmware 1.3.2 and earlier
  • Aterm WG1200CR firmware 1.3.3 and earlier
  • Aterm WG2600HS firmware firmware 1.5.1 and earlier
  • Aterm WX3000HP firmware 1.1.2 and earlier

Impact

The expected impact depends on each vulnerability, but it may be affected as follows.
*If an attacker who can access the device sends a specially crafted request to a specific URL, an arbitrary command may be executed - CVE-2021-20708
*If a user sends a specially crafted request to a specific URL while logging into the management screen of the device, an arbitrary command may be executed - CVE-2021-20709
*An arbitrary script may be executed on the user's web browser - CVE-2021-20710
*An attacker who can access the management screen of the device may execute an arbitrary command - CVE-2021-20711
*Because of the defect in the IPv6 firewall function, devices connected to the LAN side may be accessed from the WAN side etc - CVE-2021-20712
Solution

[Update the firmware]
Apply the appropriate firmware update according to the information provided by the developer.
Vendor Information

NEC Corporation
CWE (What is CWE?)

  1. Improper Input Validation(CWE-20) [IPA Evaluation]
  2. Improper Access Control(CWE-284) [IPA Evaluation]
  3. OS Command Injection(CWE-78) [IPA Evaluation]
  4. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2021-20708
  2. CVE-2021-20709
  3. CVE-2021-20710
  4. CVE-2021-20711
  5. CVE-2021-20712
References

  1. JVN : JVN#29739718
  2. National Vulnerability Database (NVD) : CVE-2021-20708
  3. National Vulnerability Database (NVD) : CVE-2021-20709
  4. National Vulnerability Database (NVD) : CVE-2021-20710
  5. National Vulnerability Database (NVD) : CVE-2021-20711
  6. National Vulnerability Database (NVD) : CVE-2021-20712
Revision History

  • [2021/04/09]
      Web page was published