Arbitrary OS Command Execution in NEC Aterm Devices

Arbitrary OS Command Execution in NEC Aterm Devices

CVE-2021-20708 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL.

Learn more about our Web Application Penetration Testing UK.