AtermCVEs & Vulnerabilities

11 CVEs affecting Aterm products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

aterm 17wg2600hp firmware 3wg2600hp 3wg2600hp2 firmware 3wg2600hp2 3wf800hp firmware 2wf800hp 2w300p firmware 1
CVE-2014-8361KEVCRITICALin the wild

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

18 Sep 2023
9.8
CVSS
CVE-2021-20710MEDIUM

Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

26 Apr 2021
6.1
CVSS
CVE-2021-20622MEDIUM

Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

28 Jan 2021
6.1
CVSS
CVE-2021-20621HIGH

Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

28 Jan 2021
8.8
CVSS
CVE-2021-20620MEDIUM

Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

28 Jan 2021
6.1
CVSS
CVE-2017-12575HIGH

An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET").

24 Aug 2018
7.5
CVSS
CVE-2016-1168HIGH

Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users.

1 Apr 2016
8.8
CVSS
CVE-2016-1167HIGH

Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users.

1 Apr 2016
8.8
CVSS
CVE-2008-1142LOW

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

7 Apr 2008
3.7
CVSS
CVE-2003-0067HIGH

The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

18 Mar 2003
7.5
CVSS
CVE-2003-0024HIGH

The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.

3 Mar 2003
7.5
CVSS
← PrevPage 1 / 1Next →