CVE-2018-16195
HIGHAterm WF1200CR Firmware < 1.1.1 and Aterm WG1200CR Firmware < 1.0.1 - OS Command Injection via SOAP Interface of UPnP
Title source: llmDescription
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
x_refsource_jvn
https://jvn.jp/en/jp/JVN87535892/index.html
Vendor Advisory x_refsource_misc
https://jpn.nec.com/security-info/secinfo/nv18-021.html
Scores
CVSS v3
8.8
EPSS
0.0073
EPSS Percentile
49.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
nec/aterm_wf1200cr_firmware
< 1.1.1
nec/aterm_wg1200cr_firmware
< 1.0.1
Published
Jan 09, 2019
Tracked Since
Feb 18, 2026