{"api_version":"1","generated_at":"2026-04-23T16:35:39+00:00","cve":"CVE-2021-20621","urls":{"html":"https://cve.report/CVE-2021-20621","api":"https://cve.report/api/cve/CVE-2021-20621.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-20621","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-20621"},"summary":{"title":"CVE-2021-20621","description":"Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.","state":"PUBLIC","assigner":"vultures@jpcert.or.jp","published_at":"2021-01-28 11:15:00","updated_at":"2021-02-01 18:22:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"https://jpn.nec.com/security-info/secinfo/nv21-005.html","name":"https://jpn.nec.com/security-info/secinfo/nv21-005.html","refsource":"MISC","tags":["Third Party Advisory"],"title":"NV21-005: セキュリティ情報 | NEC","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.aterm.jp/support/tech/2019/0328.html","name":"https://www.aterm.jp/support/tech/2019/0328.html","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"Aterm製品における脆弱性への対処方法について｜サポート技術情報｜目的別で探す｜Aterm（エーターム） サポートデスク","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://jvn.jp/en/jp/JVN38248512/index.html","name":"https://jvn.jp/en/jp/JVN38248512/index.html","refsource":"MISC","tags":["Third Party Advisory"],"title":"JVN#38248512: Multiple vulnerabilities in Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-20621","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20621","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"20621","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"aterm","cpe5":"wg2600hp","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20621","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"aterm","cpe5":"wg2600hp","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20621","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"aterm","cpe5":"wg2600hp","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20621","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"aterm","cpe5":"wg2600hp2","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20621","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"aterm","cpe5":"wg2600hp2","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20621","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"aterm","cpe5":"wg2600hp2","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20621","vulnerable":"1","versionEndIncluding":"1.0.2","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"aterm","cpe5":"wg2600hp2_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"20621","vulnerable":"1","versionEndIncluding":"1.0.2","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"aterm","cpe5":"wg2600hp_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-20621","ASSIGNER":"vultures@jpcert.or.jp","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"NEC Corporation","product":{"product_data":[{"product_name":"Aterm WG2600HP and Aterm WG2600HP2","version":{"version_data":[{"version_value":"Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Cross-site request forgery"}]}]},"references":{"reference_data":[{"url":"https://www.aterm.jp/support/tech/2019/0328.html","refsource":"MISC","name":"https://www.aterm.jp/support/tech/2019/0328.html"},{"url":"https://jpn.nec.com/security-info/secinfo/nv21-005.html","refsource":"MISC","name":"https://jpn.nec.com/security-info/secinfo/nv21-005.html"},{"url":"https://jvn.jp/en/jp/JVN38248512/index.html","refsource":"MISC","name":"https://jvn.jp/en/jp/JVN38248512/index.html"}]},"description":{"description_data":[{"lang":"eng","value":"Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."}]}},"nvd":{"publishedDate":"2021-01-28 11:15:00","lastModifiedDate":"2021-02-01 18:22:00","problem_types":["CWE-352"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:aterm:wg2600hp_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:aterm:wg2600hp:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:aterm:wg2600hp2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:aterm:wg2600hp2:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"20621","Ordinal":"194666","Title":"CVE-2021-20621","CVE":"CVE-2021-20621","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"20621","Ordinal":"1","NoteData":"Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"20621","Ordinal":"2","NoteData":"2021-01-28","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"20621","Ordinal":"3","NoteData":"2021-01-28","Type":"Other","Title":"Modified"}]}}}