CVE-2023-3333

HIGH

NEC Aterm Series - Authenticated OS Command Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

References (1)

Core 1

Core References

Broken Link

https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html

Scores

CVSS v3 7.2

EPSS 0.0059

EPSS Percentile 43.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (17)

nec/aterm_wf300hp_firmware

nec/aterm_wg1400hp_firmware

nec/aterm_wg1800hp2_firmware

nec/aterm_wg1800hp_firmware

nec/aterm_wg2200hp_firmware

nec/aterm_wg2600hp2_firmware

nec/aterm_wg2600hp_firmware

nec/aterm_wg300hp_firmware

nec/aterm_wg600hp_firmware

nec/aterm_wr8170n_firmware

... and 7 more

Published Jun 28, 2023

Tracked Since Feb 18, 2026