CVE-2023-3330

Summary

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.

Affected Software

VendorProductVersion RangeStatus
NEC CorporationAterm WG2600HP2all versionsaffected
NEC CorporationAterm WG2600HPall versionsaffected
NEC CorporationAterm WG2200HPall versionsaffected
NEC CorporationAterm WG2200HPall versionsaffected
NEC CorporationAterm WG1800HP2all versionsaffected
NEC CorporationAterm WG1800HPall versionsaffected
NEC CorporationAterm WG1400HPall versionsaffected
NEC CorporationAterm WG600HPall versionsaffected
NEC CorporationAterm WG300HPall versionsaffected
NEC CorporationAterm WF300HPall versionsaffected
NEC CorporationAterm WR9500Nall versionsaffected
NEC CorporationAterm WR9300Nall versionsaffected
NEC CorporationAterm WR8750Nall versionsaffected
NEC CorporationAterm WR8700Nall versionsaffected
NEC CorporationAterm WR8600Nall versionsaffected
NEC CorporationAterm WR8370Nall versionsaffected
NEC CorporationAterm WR8175Nall versionsaffected
NEC CorporationAterm WR8170Nall versionsaffected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory

Workarounds

Stop using the products or remove the USB storage.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References