CVE-2023-3332

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allowsa attackerto

execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
NECCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
necaterm_wf300hp_firmware
-
necaterm_wg1400hp_firmware
-
necaterm_wg1800hp_firmware
-
necaterm_wg1800hp2_firmware
-
necaterm_wg2200hp_firmware
-
necaterm_wg2600hp_firmware
-
necaterm_wg2600hp2_firmware
-
necaterm_wg300hp_firmware
-
necaterm_wg600hp_firmware
-
necaterm_wr8600n_firmware
-
necaterm_wr8700n_firmware
-
necaterm_wr8750n_firmware
-
necaterm_wr9300n_firmware
-
necaterm_wr9500n_firmware
-
necaterm_wr8170n_firmware
-
necaterm_wr8175n_firmware
-
necaterm_wr8370n_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html
https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html