Cross-site scripting vulnerability in NEC Corporation... · CVE-2025-0354 · GitHub Advisory Database · GitHub

Cross-site scripting vulnerability in NEC Corporation...

High severity Unreviewed Published Jan 15, 2025 to the GitHub Advisory Database

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the internet.

References

Published by the National Vulnerability Database

Jan 15, 2025

Published to the GitHub Advisory Database Jan 15, 2025

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H