CVE-2018-0627
Description
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Aterm WG1200HP firmware versions 1.0.31 and earlier allow authenticated administrators to execute arbitrary OS commands via the targetAPSsid parameter.
Vulnerability
Aterm WG1200HP firmware versions Ver1.0.31 and earlier contain an OS command injection vulnerability in the targetAPSsid parameter [1]. The flaw resides in the web interface handling of this parameter, allowing injection of arbitrary OS commands.
Exploitation
An attacker must have administrative privileges to access the product's web interface. By sending a crafted HTTP request with a malicious targetAPSsid parameter, the attacker can inject OS commands that are executed with the privileges of the web server [1].
Impact
Successful exploitation allows the attacker to execute arbitrary OS commands on the device, leading to full compromise of the affected Aterm WG1200HP. This can result in disclosure of sensitive information, modification of device configuration, or denial of service [1].
Mitigation
The developer has released firmware updates to address this vulnerability. Users are advised to apply the latest firmware update according to the information provided by NEC Corporation [1]. If the device is no longer supported, consider upgrading to a newer model.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=1.0.31+ 1 more
- (no CPE)range: <=1.0.31
- (no CPE)range: firmware Ver1.0.31 and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- jvn.jp/en/jp/JVN00401783/index.htmlmitrethird-party-advisoryx_refsource_JVN
- jpn.nec.com/security-info/secinfo/nv18-011.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.