CVE-2021-20621

HIGH

Aterm WG2600HP and WG2600HP2 Firmware < 1.0.2 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.aterm.jp/support/tech/2019/0328.html
Third Party Advisory x_refsource_misc
https://jpn.nec.com/security-info/secinfo/nv21-005.html
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN38248512/index.html

Scores

CVSS v3 8.8
EPSS 0.0065
EPSS Percentile 46.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
aterm/wg2600hp2_firmware < 1.0.2
aterm/wg2600hp_firmware < 1.0.2
Published Jan 28, 2021
Tracked Since Feb 18, 2026