Vulnerabilities > Aterm
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-26 | CVE-2021-20710 | Cross-site Scripting vulnerability in Aterm Wg2600Hs Firmware Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 6.1 |
| 2021-01-28 | CVE-2021-20622 | Cross-site Scripting vulnerability in Aterm Wg2600Hp2 Firmware and Wg2600Hp Firmware Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 6.1 |
| 2021-01-28 | CVE-2021-20621 | Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wg2600Hp2 Firmware and Wg2600Hp Firmware Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
| 2021-01-28 | CVE-2021-20620 | Cross-site Scripting vulnerability in Aterm Wg2600Hp Firmware Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 6.1 |
| 2018-08-24 | CVE-2017-12575 | Missing Authentication for Critical Function vulnerability in Aterm Wg2600Hp2 Firmware 1.0.2 An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. | 7.5 |
| 2016-04-01 | CVE-2016-1168 | Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wf800Hp Firmware 1.0.17 Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. | 8.8 |
| 2016-04-01 | CVE-2016-1167 | Cross-Site Request Forgery (CSRF) vulnerability in Aterm Wg300Hp Firmware 1.0.8 Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. | 8.8 |
| 2015-05-01 | CVE-2014-8361 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. | 9.8 |