CVE-2023-3332

Summary

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to 

execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

Affected Software

VendorProductVersion RangeStatus
NEC CorporationAterm WG2600HP2all versionsaffected
NEC CorporationAterm WG2600HPall versionsaffected
NEC CorporationAterm WG2200HPall versionsaffected
NEC CorporationAterm WG2200HPall versionsaffected
NEC CorporationAterm WG1800HP2all versionsaffected
NEC CorporationAterm WG1800HPall versionsaffected
NEC CorporationAterm WG1400HPall versionsaffected
NEC CorporationAterm WG600HPall versionsaffected
NEC CorporationAterm WG300HPall versionsaffected
NEC CorporationAterm WF300HPall versionsaffected
NEC CorporationAterm WR9500Nall versionsaffected
NEC CorporationAterm WR9300Nall versionsaffected
NEC CorporationAterm WR8750Nall versionsaffected
NEC CorporationAterm WR8700Nall versionsaffected
NEC CorporationAterm WR8600Nall versionsaffected
NEC CorporationAterm WR8370Nall versionsaffected
NEC CorporationAterm WR8175Nall versionsaffected
NEC CorporationAterm WR8170Nall versionsaffected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation

Workarounds

Stop using the products or remove the USB storage.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References