CVE-2018-16195: OS Command Injection
First published: Wed Jan 09 2019(Updated: )
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NEC Aterm WF1200CR firmware | <=1.1.1 | |
| NEC Aterm WF1200CR | ||
| Nec Aterm Wg1200cr Firmware | <=1.0.1 | |
| Nec Aterm Wg1200cr |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2018-16195.
What is the severity of CVE-2018-16195?
CVE-2018-16195 has a severity rating of 8.8 (high).
Which software versions are affected by CVE-2018-16195?
CVE-2018-16195 affects Aterm WF1200CR firmware versions up to and including Ver1.1.1 and Aterm WG1200CR firmware versions up to and including Ver1.0.1.
How can an attacker exploit CVE-2018-16195?
An attacker on the same network segment can execute arbitrary OS commands via the SOAP interface of UPnP.
Is there a fix available for CVE-2018-16195?
There is no specific fix available mentioned in the provided information. It is recommended to check with the vendor for any available patches or updates.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/nec
- canonical/nec aterm wf1200cr firmware
- version/nec aterm wf1200cr firmware/1.1.1
- canonical/nec aterm wf1200cr
- canonical/nec aterm wg1200cr firmware
- version/nec aterm wg1200cr firmware/1.0.1
- canonical/nec aterm wg1200cr