CVE-2023-3331

Description

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to delete specific files in the product.

Remediation

Workaround:

  • Stop using the products or remove the USB storage.

Category

5.4
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.11%
Vendor Advisory https:
Affected: NEC Corporation Aterm WG2600HP2
Affected: NEC Corporation Aterm WG2600HP
Affected: NEC Corporation Aterm WG2200HP
Affected: NEC Corporation Aterm WG2200HP
Affected: NEC Corporation Aterm WG1800HP2
Affected: NEC Corporation Aterm WG1800HP
Affected: NEC Corporation Aterm WG1400HP
Affected: NEC Corporation Aterm WG600HP
Affected: NEC Corporation Aterm WG300HP
Affected: NEC Corporation Aterm WF300HP
Affected: NEC Corporation Aterm WR9500N
Affected: NEC Corporation Aterm WR9300N
Affected: NEC Corporation Aterm WR8750N
Affected: NEC Corporation Aterm WR8700N
Affected: NEC Corporation Aterm WR8600N
Affected: NEC Corporation Aterm WR8370N
Affected: NEC Corporation Aterm WR8175N
Affected: NEC Corporation Aterm WR8170N
Published at:
Updated at:

References

Link Tags
https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-3331?
CVE-2023-3331 has been scored as a medium severity vulnerability.
How to fix CVE-2023-3331?
As a workaround for remediating CVE-2023-3331: Stop using the products or remove the USB storage.
Is CVE-2023-3331 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-3331 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-3331?
CVE-2023-3331 affects NEC Corporation Aterm WG2600HP2, NEC Corporation Aterm WG2600HP, NEC Corporation Aterm WG2200HP, NEC Corporation Aterm WG2200HP, NEC Corporation Aterm WG1800HP2, NEC Corporation Aterm WG1800HP, NEC Corporation Aterm WG1400HP, NEC Corporation Aterm WG600HP, NEC Corporation Aterm WG300HP, NEC Corporation Aterm WF300HP, NEC Corporation Aterm WR9500N, NEC Corporation Aterm WR9300N, NEC Corporation Aterm WR8750N, NEC Corporation Aterm WR8700N, NEC Corporation Aterm WR8600N, NEC Corporation Aterm WR8370N, NEC Corporation Aterm WR8175N, NEC Corporation Aterm WR8170N.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.