CVE-2020-5524

HIGH

NEC Aterm WF1200C/WG1200CR/WG2600HS Firmware - Unauthenticated Remote Code Execution via UPnP Function

Title source: manual
STIX 2.1

Description

Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function.

References (3)

Core 3
Core References
Not Applicable, Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN49410695/index.html
Not Applicable, Third Party Advisory x_refsource_misc
https://jpn.nec.com/security-info/secinfo/nv20-003.html
Third Party Advisory
https://jvn.jp/en/jp/JVN25766797/

Scores

CVSS v3 8.8
EPSS 0.0102
EPSS Percentile 59.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (3)
nec/aterm_wf1200c_firmware < 1.2.1
nec/aterm_wg1200cr_firmware < 1.2.1
nec/aterm_wg2600hs_firmware < 1.3.2
Published Feb 21, 2020
Tracked Since Feb 18, 2026