Multiple vulnerabilities in NEC Aterm series
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2024-28005 CVE-2024-28006 CVE-2024-28007 CVE-2024-28008 CVE-2024-28009 CVE-2024-28012 CVE-2024-28010 CVE-2024-28011 CVE-2024-28013 CVE-2024-28014 CVE-2024-28015 CVE-2024-28016 |
| CWE-ID | CWE-732 CWE-200 CWE-489 CWE-1391 CWE-798 CWE-20 CWE-613 CWE-119 CWE-78 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Aterm CR2500P Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm MR01LN Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm MR02LN Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm W300P Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm W1200EX(-MS) Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WF300HP Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WF300HP2 Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WF1200HP Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WF1200HP2 Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG300HP Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG600HP Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1200HP Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1200HP2 Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1200HP3 Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1200HS Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1200HS2 Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1200HS3 Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1400HP Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1800HP Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1800HP2 Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1800HP3 Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1800HP4 Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1810HP(JE) Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1810HP(MF) Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1900HP Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG1900HP2 Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WG2200HP Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WM3400RN Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WM3450RN Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WM3500R Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WM3600R Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WM3800R Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR1200H Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR4100N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR4500N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR6600H Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR6650S Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR6670S Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR7800H Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR7850S Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR7870S Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8100N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8150N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8160N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8165N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8166N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8170N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8175N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8200N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8300N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8370N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8400N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8500N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8600N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8700N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR8750N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR9300N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WR9500N Hardware solutions / Routers & switches, VoIP, GSM, etc Aterm WF800HP Hardware solutions / Other hardware appliances |
| Vendor | NEC Corporation |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Incorrect permission assignment for critical resource
EUVDB-ID: #VU88157
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28005
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to incorrect permission assignment for critical resource. A remote user on the local network can execute a shell with the root privilege.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU88160
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-28006
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to exposure of sensitive system information to an unauthorized control sphere. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect permission assignment for critical resource
EUVDB-ID: #VU88161
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28007
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to incorrect permission assignment for critical resource. A remote user on the local network can execute a shell with the root privilege.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Active Debug Code
EUVDB-ID: #VU88162
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28008
CWE-ID:
CWE-489 - Active Debug Code
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the active debug code issue. A remote user on the local network can perform an unintended operation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of Weak Credentials
EUVDB-ID: #VU88163
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-28009
CWE-ID:
CWE-1391 - Use of Weak Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to weak credentials. A remote attacker on the local network can guess the ID and password, and log in to telnet service.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use of Weak Credentials
EUVDB-ID: #VU88164
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-28012
CWE-ID:
CWE-1391 - Use of Weak Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to weak credentials. A remote attacker on the local network can guess the ID and password, and log in to telnet service.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use of hard-coded credentials
EUVDB-ID: #VU88165
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-28010
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to presence of hard-coded credentials in application code. A remote attacker on the local network can guess the ID and password, and log in to telnet service.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU88166
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-28011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to inclusion of undocumented features. A remote attacker on the local network can access telnet service unlimitedly.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Insufficient Session Expiration
EUVDB-ID: #VU88167
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-28013
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker compromise the target system.
The vulnerability exists due to insufficient session expiration issue. A remote attacker on the local network can alter the device settings without logging in.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU88168
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-28014
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) OS Command Injection
EUVDB-ID: #VU88169
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-28015
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the web management console. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Information disclosure
EUVDB-ID: #VU88170
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-28016
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
CPE2.3- cpe:2.3:h:nec_corporation:aterm_cr2500p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr01ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_mr02ln:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w300p:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_w1200ex_-ms:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf300hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wf1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg300hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg600hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1200hs3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1400hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp3:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1800hp4:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_je:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1810hp_mf:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg1900hp2:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wg2200hp:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3400rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3450rn:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3500r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3600r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wm3800r:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr1200h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr4500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6600h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6650s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr6670s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7800h:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7850s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr7870s:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8100n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8160n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8165n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8166n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8170n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8175n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8200n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8370n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8400n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8500n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8600n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8700n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr8750n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9300n:*:*:*:*:*:*:*:*
- cpe:2.3:h:nec_corporation:aterm_wr9500n:*:*:*:*:*:*:*:*
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
