Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

aterm

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

11
Related CVEsRelated ProductsRelated AssignersReports
11Vulnerabilities found
CVE-2021-20710
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.22%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 00:20
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

Action-Not Available
Vendor-atermNEC Corporation
Product-wg2600hs_firmwarewg2600hsAterm WG2600HS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-20622
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.46% / 63.36%
||
7 Day CHG~0.00%
Published-28 Jan, 2021 | 10:00
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

Action-Not Available
Vendor-atermNEC Corporation
Product-wg2600hp2_firmwarewg2600hp_firmwarewg2600hpwg2600hp2Aterm WG2600HP and Aterm WG2600HP2
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-20621
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.81%
||
7 Day CHG~0.00%
Published-28 Jan, 2021 | 10:00
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-atermNEC Corporation
Product-wg2600hp2_firmwarewg2600hp_firmwarewg2600hpwg2600hp2Aterm WG2600HP and Aterm WG2600HP2
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-20620
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.46% / 63.36%
||
7 Day CHG~0.00%
Published-28 Jan, 2021 | 10:00
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

Action-Not Available
Vendor-atermNEC Corporation
Product-wg2600hp_firmwarewg2600hpAterm WF800HP
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-12575
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.56%
||
7 Day CHG~0.00%
Published-24 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET").

Action-Not Available
Vendor-atermn/a
Product-wg2600hp2_firmwarewg2600hp2n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2016-1168
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.06%
||
7 Day CHG~0.00%
Published-01 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-atermn/a
Product-wf800hpwf800hp_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-1167
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.13% / 33.06%
||
7 Day CHG~0.00%
Published-01 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users.

Action-Not Available
Vendor-atermn/a
Product-wg300hpwg300hp_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2014-8361
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.03% / 99.89%
||
7 Day CHG~0.00%
Published-01 May, 2015 | 00:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-09||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

Action-Not Available
Vendor-atermn/aD-Link CorporationRealtek Semiconductor Corp.
Product-w300pdir-900ldir-615dir-605l_firmwaredir-619l_firmwarewg1800hp3_firmwaredir-600l_firmwarewg1900hp2w1200exw1200ex-mswf800hpwg1200hp3wf300hp2_firmwarewg1200hp_firmwarew1200ex-ms_firmwarewg1800hp3wg1800hp4dir-809_firmwaredir-900l_firmwaredir-515dir-809wg1900hp2_firmwarewg1900hpwf300hp2dir-501_firmwarew500pdir-501wr8165n_firmwaredir-600lwg1200hs2_firmwaredir-905lwg1200hp2wr8165nrealtek_sdkwg1200hp2_firmwaredir-619lwf800hp_firmwarewg1900hp_firmwaredir-615_firmwarewg1200hpdir-605ldir-515_firmwarewg1200hp3_firmwarewg1200hs_firmwarew300p_firmwarewg1200hswg1800hp4_firmwaredir-905l_firmwarewg1200hs2w500p_firmwarew1200ex_firmwaren/aSDK
CVE-2008-1142
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.06% / 20.15%
||
7 Day CHG~0.00%
Published-07 Apr, 2008 | 17:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Action-Not Available
Vendor-rxvt-unicoderxvtatermmrxvtetermwtermmulti-atermn/a
Product-wtermmulti-atermmrxvtrxvt-unicodeatermetermrxvtn/a
CWE ID-CWE-264
Not Available
CVE-2003-0024
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 70.41%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.

Action-Not Available
Vendor-atermn/a
Product-atermn/a
CVE-2003-0067
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 71.62%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Action-Not Available
Vendor-atermn/a
Product-atermn/a