CVE-2023-3333

moderate-risk
Published 2023-06-28

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N (all versions) allows an attacker to execute arbitrary OS commands with root privileges, after obtaining high privileges by exploiting the CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

Do I need to act?

0.10% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (17)

Aterm WF300HP Firmware
Aterm WG1400HP Firmware
Aterm WG1800HP Firmware
Aterm WG1800HP2 Firmware
Aterm WG2200HP Firmware
Aterm WG2600HP Firmware
Aterm WG2600HP2 Firmware
Aterm WG300HP Firmware
Aterm WG600HP Firmware
Aterm WR8600N Firmware
Aterm WR8700N Firmware
Aterm WR8750N Firmware
Aterm WR9300N Firmware
Aterm WR9500N Firmware
Aterm WR8170N Firmware
Aterm WR8175N Firmware
Aterm WR8370N Firmware

Affected Vendors

NEC

45 / 100
moderate-risk
Severity 26/34 · High
Exploitability 0/34 · Minimal
Exposure 19/34 · Moderate