Multiple vulnerabilities in NEC Aterm series



Published: 2024-04-05
Risk: Medium
Patch available: YES
Number of vulnerabilities: 12
CVE-ID: CVE-2024-28005, CVE-2024-28006, CVE-2024-28007, CVE-2024-28008, CVE-2024-28009, CVE-2024-28012, CVE-2024-28010, CVE-2024-28011, CVE-2024-28013, CVE-2024-28014, CVE-2024-28015, CVE-2024-28016
CWE-ID: CWE-732, CWE-200, CWE-489, CWE-1391, CWE-798, CWE-20, CWE-613, CWE-119, CWE-78
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
Aterm CR2500P
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm MR01LN
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm MR02LN
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm W300P
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm W1200EX(-MS)
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WF300HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WF300HP2
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WF1200HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WF1200HP2
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG300HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG600HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1200HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1200HP2
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1200HP3
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1200HS
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1200HS2
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1200HS3
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1400HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1800HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1800HP2
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1800HP3
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1800HP4
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1810HP(JE)
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1810HP(MF)
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1900HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG1900HP2
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WG2200HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WM3400RN
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WM3450RN
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WM3500R
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WM3600R
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WM3800R
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR1200H
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR4100N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR4500N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR6600H
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR6650S
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR6670S
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR7800H
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR7850S
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR7870S
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8100N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8150N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8160N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8165N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8166N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8170N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8175N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8200N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8300N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8370N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8400N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8500N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8600N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8700N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR8750N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR9300N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WR9500N
Hardware solutions / Routers & switches, VoIP, GSM, etc

Aterm WF800HP
Hardware solutions / Other hardware appliances

Vendor NEC Corporation

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Incorrect permission assignment for critical resource

EUVDB-ID: #VU88157

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28005

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incorrect permission assignment for a critical resource. A remote user on the local network can execute a shell with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU88160

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28006

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to exposure of sensitive system information to an unauthorized control sphere. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Incorrect permission assignment for critical resource

EUVDB-ID: #VU88161

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28007

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incorrect permission assignment for a critical resource. A remote user on the local network can execute a shell with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Active Debug Code

EUVDB-ID: #VU88162

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28008

CWE-ID: CWE-489 - Active Debug Code

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to active debug code. A remote user on the local network can perform an unintended operation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use of Weak Credentials

EUVDB-ID: #VU88163

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28009

CWE-ID: CWE-1391 - Use of Weak Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to weak credentials. A remote attacker on the local network can guess the ID and password and log in to the telnet service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of Weak Credentials

EUVDB-ID: #VU88164

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28012

CWE-ID: CWE-1391 - Use of Weak Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to weak credentials. A remote attacker on the local network can guess the ID and password and log in to the telnet service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use of hard-coded credentials

EUVDB-ID: #VU88165

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28010

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the presence of hard-coded credentials in application code. A remote attacker on the local network can guess the ID and password and log in to the telnet service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU88166

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28011

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the inclusion of undocumented features. A remote attacker on the local network can gain unrestricted access to the telnet service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Insufficient Session Expiration

EUVDB-ID: #VU88167

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28013

CWE-ID: CWE-613 - Insufficient Session Expiration

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient session expiration. A remote attacker on the local network can alter the device settings without logging in.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU88168

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28014

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) OS Command Injection

EUVDB-ID: #VU88169

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28015

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the web management console. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Information disclosure

EUVDB-ID: #VU88170

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28016

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions

External links

http://jvn.jp/en/jp/JVN82074338/index.html
http://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


