Back to search
CVE-2017-12575
Published: Aug 24, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d "REQ_ID=SUPPORT_IF_GET").
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20180821 CVE-2017-12575: information leakage in NEC Aterm WG2600HP2
mailing-list
x_refsource_FULLDISC
JVN#38248512
third-party-advisory
x_refsource_JVN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now