CVE-2022-25621

Published on: Not Yet Published

Last Modified on: 03/22/2022 05:53:00 PM UTC

CVE-2022-25621

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Univerge Wa1020 from Nec contain the following vulnerability:

UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior allows a remote attacker to execute arbitrary OS commands.

CVE-2022-25621 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.
Affected Vendor/Software: NEC Platforms, Ltd. - UNIVERGE DT version UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA WA2612-AP Ver8.2.11 and prior,

CVSS3 Score: 9.8 - CRITICAL

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVSS2 Score: 7.5 - HIGH

Access Vector^ⓘ	Access Complexity	Authentication
NETWORK	LOW	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
PARTIAL	PARTIAL	PARTIAL

CVE References

Description	Tags ^ⓘ	Link
NV22-004_en: セキュリティ情報 \| NEC	jpn.nec.com text/html	MISC jpn.nec.com/security-info/secinfo/nv22-004_en.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

There are currently no QIDs associated with this CVE

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Nec	Univerge Wa1020	-	All	All	All
Operating System	Nec	Univerge Wa1020 Firmware	All	All	All	All
Hardware	Nec	Univerge Wa1510	-	All	All	All
Operating System	Nec	Univerge Wa1510 Firmware	All	All	All	All
Hardware	Nec	Univerge Wa1511	-	All	All	All
Operating System	Nec	Univerge Wa1511 Firmware	All	All	All	All
Hardware	Nec	Univerge Wa1512	-	All	All	All
Operating System	Nec	Univerge Wa1512 Firmware	All	All	All	All
Hardware	Nec	Univerge Wa2020	-	All	All	All
Operating System	Nec	Univerge Wa2020 Firmware	All	All	All	All
Hardware	Nec	Univerge Wa2021	-	All	All	All
Operating System	Nec	Univerge Wa2021 Firmware	All	All	All	All
Hardware	Nec	Univerge Wa2610-ap	-	All	All	All
Operating System	Nec	Univerge Wa2610-ap Firmware	All	All	All	All
Hardware	Nec	Univerge Wa2611-ap	-	All	All	All
Operating System	Nec	Univerge Wa2611-ap Firmware	All	All	All	All
Hardware	Nec	Univerge Wa2611e-ap	-	All	All	All
Operating System	Nec	Univerge Wa2611e-ap Firmware	All	All	All	All
Hardware	Nec	Univerge Wa2612-ap	-	All	All	All
Operating System	Nec	Univerge Wa2612-ap Firmware	All	All	All	All

cpe:2.3:h:nec:univerge_wa1020:-:*:*:*:*:*:*:*:
cpe:2.3:o:nec:univerge_wa1020_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:nec:univerge_wa1510:-:*:*:*:*:*:*:*:
cpe:2.3:o:nec:univerge_wa1510_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:nec:univerge_wa1511:-:*:*:*:*:*:*:*:
cpe:2.3:o:nec:univerge_wa1511_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:nec:univerge_wa1512:-:*:*:*:*:*:*:*:
cpe:2.3:o:nec:univerge_wa1512_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:nec:univerge_wa2020:-:*:*:*:*:*:*:*:
cpe:2.3:o:nec:univerge_wa2020_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:nec:univerge_wa2021:-:*:*:*:*:*:*:*:
cpe:2.3:o:nec:univerge_wa2021_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:nec:univerge_wa2610-ap:-:*:*:*:*:*:*:*:
cpe:2.3:o:nec:univerge_wa2610-ap_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:nec:univerge_wa2611-ap:-:*:*:*:*:*:*:*:
cpe:2.3:o:nec:univerge_wa2611-ap_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:nec:univerge_wa2611e-ap:-:*:*:*:*:*:*:*:
cpe:2.3:o:nec:univerge_wa2611e-ap_firmware:*:*:*:*:*:*:*:*:
cpe:2.3:h:nec:univerge_wa2612-ap:-:*:*:*:*:*:*:*:
cpe:2.3:o:nec:univerge_wa2612-ap_firmware:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@hogehuga	NECのUNIVERGE WAシリーズにおけるOSコマンドインジェクションの脆弱性（CVE-2022-25621）が公開されてた。WEBコンソール経由でイケそう。機器的に、NEC案件で利用、中小企業で利用、とかが多そうなイメー… twitter.com/i/web/status/1…	2022-03-10 08:40:07
@hogehuga	ref: jvn.jp/jp/JVN72801744/ jpn.nec.com/univerge/wa/in… <- RESERVED <- CVE ID Not Found	2022-03-10 08:40:07
@CVEreport	CVE-2022-25621 : UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8… twitter.com/i/web/status/1…	2022-03-11 18:15:40
@Robo_Alerts	Potentially Critical CVE Detected! CVE-2022-25621 UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11… twitter.com/i/web/status/1…	2022-03-11 18:56:02
/r/netcve	CVE-2022-25621	2022-03-11 19:38:26