Vulnerability Description
Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed from the WAN side due to the defect in the IPv6 firewall function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nec | Aterm Wg2600Hs Firmware | <= 1.5.1 |
| Nec | Aterm Wg2600Hs | - |
| Nec | Aterm Wx3000Hp Firmware | <= 1.1.2 |
| Nec | Aterm Wx3000Hp | - |
References
- https://jpn.nec.com/security-info/secinfo/nv21-010.htmlMitigationVendor Advisory
- https://jvn.jp/en/jp/JVN29739718/index.htmlThird Party Advisory
- https://jpn.nec.com/security-info/secinfo/nv21-010.htmlMitigationVendor Advisory
- https://jvn.jp/en/jp/JVN29739718/index.htmlThird Party Advisory
FAQ
What is CVE-2021-20712?
CVE-2021-20712 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm WX3000HP firmware Ver1.1.2 and earlier allows a device connected to the LAN side to be accessed fro...
How severe is CVE-2021-20712?
CVE-2021-20712 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20712?
Check the references section above for vendor advisories and patch information. Affected products include: Nec Aterm Wg2600Hs Firmware, Nec Aterm Wg2600Hs, Nec Aterm Wx3000Hp Firmware, Nec Aterm Wx3000Hp.