Multiple vulnerabilities in Aterm series

Number:NV23-007
CVE:CVE-2023-3330, CVE-2023-3331, CVE-2023-3332, CVE-2023-3333
JVN:JVN#38343415

Overview

CVE-2023-3330: File Viewing Vulnerability.
CVE-2023-3331: File deletion vulnerability.
CVE-2023-3332: An attacker who has obtained high privileges can execute arbitrary scripts.
CVE-2023-3333: An attacker who has obtained high privileges can execute arbitrary OS commands as root.

Products Affected

Aterm

Affected Version

All versions listed below

WG2600HP2
WG2600HP
WG2200HP
WG1800HP2
WG1800HP
WG1400HP
WG600HP
WG300HP
WF300HP
WR9500N
WR9300N
WR8750N
WR8700N
WR8600N
WR8370N
WR8175N
WR8170N

Solution

These products are no longer supported. Please replace the product or apply a workaround.
https://www.aterm.jp/support/tech/2023/0627.html

References

CVE
https://www.cve.org/CVERecord?id=CVE-2023-3330
https://www.cve.org/CVERecord?id=CVE-2023-3331
https://www.cve.org/CVERecord?id=CVE-2023-3332
https://www.cve.org/CVERecord?id=CVE-2023-3333

JVN
https://jvn.jp/en/jp/JVN38343415/index.html

Aterm
https://www.aterm.jp/support/tech/2023/0627.html

Credit

reported by Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc. through IPA.

Update

2023/07/03: Update Products Affected and References.
2023/06/27: First edition.

サイト内の現在位置