{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-3331","assignerOrgId":"f2760a35-e0d8-4637-ac4c-cc1a2de3e282","state":"PUBLISHED","assignerShortName":"NEC","dateReserved":"2023-06-20T01:14:08.079Z","datePublished":"2023-06-28T01:19:45.378Z","dateUpdated":"2024-12-04T20:49:51.994Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"Aterm WG2600HP2","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WG2600HP","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WG2200HP","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WG2200HP","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WG1800HP2","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WG1800HP","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WG1400HP","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WG600HP","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WG300HP","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WF300HP","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WR9500N","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WR9300N","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WR8750N","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WR8700N","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WR8600N","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WR8370N","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WR8175N","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]},{"defaultStatus":"unaffected","product":"Aterm WR8170N","vendor":"NEC Corporation","versions":[{"status":"affected","version":"all versions"}]}],"credits":[{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Mr. Taizoh Tsukamoto in Mitsui Bussan Secure Directions, Inc."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows&nbsp;<span style=\"background-color: var(--wht);\">a attacker&nbsp;</span><span style=\"background-color: var(--wht);\">to<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">delete</span>\n\n specific files in the product</span></span><span style=\"background-color: var(--wht);\">.</span>"}],"value":"Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete\n\n specific files in the product."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f2760a35-e0d8-4637-ac4c-cc1a2de3e282","shortName":"NEC","dateUpdated":"2023-07-03T02:10:13.150Z"},"references":[{"url":"https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html"}],"source":{"discovery":"EXTERNAL"},"workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nStop using the products or remove the USB storage.<br>"}],"value":"\nStop using the products or remove the USB storage.\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:55:02.734Z"},"title":"CVE Program Container","references":[{"url":"https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-04T20:47:49.905817Z","id":"CVE-2023-3331","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-04T20:49:51.994Z"}}]}}