CVE-2022-25621

high-risk

Published 2022-03-11

UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands.

Do I need to act?

0.96% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (10)

Univerge Wa1020 Firmware

Univerge Wa1510 Firmware

Univerge Wa1511 Firmware

Univerge Wa1512 Firmware

Univerge Wa2020 Firmware

Univerge Wa2021 Firmware

Univerge Wa2610-Ap Firmware

Univerge Wa2611-Ap Firmware

Univerge Wa2611E-Ap Firmware

Univerge Wa2612-Ap Firmware

Affected Vendors

Nec

References (2)

Vendor Advisory https://jpn.nec.com/security-info/secinfo/nv22-004_en.html

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 3/34 · Minimal

Exposure 16/34 · Moderate