CVE-2018-16195

HIGH

Aterm WF1200CR Firmware < 1.1.1 and Aterm WG1200CR Firmware < 1.0.1 - OS Command Injection via SOAP Interface of UPnP

Title source: llm
STIX 2.1

Description

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.

References (2)

Core 2
Core References
Third Party Advisory third-party-advisory x_refsource_jvn
https://jvn.jp/en/jp/JVN87535892/index.html

Scores

CVSS v3 8.8
EPSS 0.0073
EPSS Percentile 49.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (2)
nec/aterm_wf1200cr_firmware < 1.1.1
nec/aterm_wg1200cr_firmware < 1.0.1
Published Jan 09, 2019
Tracked Since Feb 18, 2026