U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:nec:aterm_hc100rc_firmware:1.0.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2018-0641

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter.

Published: January 09, 2019; 6:29:01 PM -0500 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2018-0640

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.

Published: January 09, 2019; 6:29:01 PM -0500 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2018-0639

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.

Published: January 09, 2019; 6:29:01 PM -0500 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2018-0638

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.

Published: January 09, 2019; 6:29:01 PM -0500 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2018-0637

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.

Published: January 09, 2019; 6:29:00 PM -0500 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2018-0636

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.

Published: January 09, 2019; 6:29:00 PM -0500 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2018-0635

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.

Published: January 09, 2019; 6:29:00 PM -0500 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2018-0634

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.

Published: January 09, 2019; 6:29:00 PM -0500 		V4.0:(not available)
 V3.0: 7.2 HIGH
V2.0: 9.0 HIGH