CVE-2020-5525
HIGHNEC Aterm Router Firmware - Authenticated OS Command Execution
Title source: manualDescription
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen.
References (2)
Core 2
Core References
Not Applicable, Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN49410695/index.html
Not Applicable, Third Party Advisory x_refsource_misc
https://jpn.nec.com/security-info/secinfo/nv20-003.html
Scores
CVSS v3
8.0
EPSS
0.0087
EPSS Percentile
54.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (3)
nec/aterm_wf1200c_firmware
< 1.2.1
nec/aterm_wg1200cr_firmware
< 1.2.1
nec/aterm_wg2600hs_firmware
< 1.3.2
Published
Feb 21, 2020
Tracked Since
Feb 18, 2026