CVE-2021-20709

HIGH

NEC Aterm WF1200CR <1.3.2 - RCE

Title source: llm

Description

Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL.

References (2)

[Mitigation, Vendor Advisory] https://jpn.nec.com/security-info/secinfo/nv21-010.html

[Third Party Advisory] https://jvn.jp/en/jp/JVN29739718/index.html

Scores

CVSS v3 7.2

EPSS 0.0026

EPSS Percentile 48.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-354

Status published

Products (3)

nec/aterm_wf1200cr_firmware < 1.3.2

nec/aterm_wg1200cr_firmware < 1.3.3

nec/aterm_wg2600hs_firmware < 1.5.1

Published Apr 26, 2021

Tracked Since Feb 18, 2026