Refine your search
3 vulnerabilities found for Aterm SA3500G by NEC Corporation
CVE-2020-5637 (GCVE-0-2020-5637)
Vulnerability from cvelistv5
Published
2020-12-14 02:25
Modified
2024-08-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Validation of Integrity Check Value
Summary
Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | Aterm SA3500G |
Version: firmware versions prior to Ver. 3.5.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55917325/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/jp/JVN55917325/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aterm SA3500G",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver. 3.5.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Validation of Integrity Check Value",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T02:25:52.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55917325/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/jp/JVN55917325/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aterm SA3500G",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver. 3.5.9"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Integrity Check Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html",
"refsource": "MISC",
"url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html"
},
{
"name": "https://jvn.jp/en/jp/JVN55917325/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55917325/index.html"
},
{
"name": "https://jvn.jp/jp/JVN55917325/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/jp/JVN55917325/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5637",
"datePublished": "2020-12-14T02:25:52.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5635 (GCVE-0-2020-5635)
Vulnerability from cvelistv5
Published
2020-12-14 02:25
Modified
2024-08-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS Command Injection
Summary
Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | Aterm SA3500G |
Version: firmware versions prior to Ver. 3.5.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55917325/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/jp/JVN55917325/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aterm SA3500G",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver. 3.5.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T02:25:51.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55917325/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/jp/JVN55917325/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aterm SA3500G",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver. 3.5.9"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html",
"refsource": "MISC",
"url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html"
},
{
"name": "https://jvn.jp/en/jp/JVN55917325/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55917325/index.html"
},
{
"name": "https://jvn.jp/jp/JVN55917325/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/jp/JVN55917325/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5635",
"datePublished": "2020-12-14T02:25:51.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5636 (GCVE-0-2020-5636)
Vulnerability from cvelistv5
Published
2020-12-14 02:25
Modified
2024-08-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS Command Injection
Summary
Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to send a specially crafted request to a specific URL, which may result in an arbitrary command execution.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NEC Corporation | Aterm SA3500G |
Version: firmware versions prior to Ver. 3.5.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55917325/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/jp/JVN55917325/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aterm SA3500G",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver. 3.5.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to send a specially crafted request to a specific URL, which may result in an arbitrary command execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T02:25:51.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55917325/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/jp/JVN55917325/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aterm SA3500G",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver. 3.5.9"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to send a specially crafted request to a specific URL, which may result in an arbitrary command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html",
"refsource": "MISC",
"url": "https://www.necplatforms.co.jp/product/security_ap/info_20201211.html"
},
{
"name": "https://jvn.jp/en/jp/JVN55917325/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55917325/index.html"
},
{
"name": "https://jvn.jp/jp/JVN55917325/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/jp/JVN55917325/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5636",
"datePublished": "2020-12-14T02:25:51.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:25.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}