Description
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product.
References (1)
Core 1
Core References
Various Sources
https://jpn.nec.com/security-info/secinfo/nv23-007_en.html
Scores
CVSS v3
4.3
EPSS
0.0042
EPSS Percentile
33.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (17)
nec/aterm_wf300hp_firmware
nec/aterm_wg1400hp_firmware
nec/aterm_wg1800hp2_firmware
nec/aterm_wg1800hp_firmware
nec/aterm_wg2200hp_firmware
nec/aterm_wg2600hp2_firmware
nec/aterm_wg2600hp_firmware
nec/aterm_wg300hp_firmware
nec/aterm_wg600hp_firmware
nec/aterm_wr8170n_firmware
... and 7 more
Published
Jun 28, 2023
Tracked Since
Feb 18, 2026