#VU88157 Incorrect permission assignment for critical resource in NEC Corporation products - CVE-2024-28005


Vulnerability identifier: #VU88157

Vulnerability risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-28005

CWE-ID: CWE-732

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Aterm CR2500P
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm MR01LN
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm MR02LN
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm W300P
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm W1200EX(-MS)
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WF300HP
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WF300HP2
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WF1200HP
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WF1200HP2
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG300HP
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG600HP
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1200HP
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1200HP2
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1200HP3
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1200HS
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1200HS2
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1200HS3
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1400HP
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1800HP
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1800HP2
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1800HP3
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1800HP4
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1810HP(JE)
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1810HP(MF)
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1900HP
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG1900HP2
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WG2200HP
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WM3400RN
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WM3450RN
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WM3500R
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WM3600R
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WM3800R
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR1200H
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR4100N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR4500N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR6600H
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR6650S
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR6670S
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR7800H
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR7850S
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR7870S
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8100N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8150N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8160N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8165N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8166N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8170N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8175N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8200N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8300N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8370N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8400N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8500N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8600N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8700N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR8750N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR9300N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WR9500N
Hardware solutions / Routers & switches, VoIP, GSM, etc
Aterm WF800HP
Hardware solutions / Other hardware appliances

Vendor: NEC Corporation

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incorrect permission assignment for a critical resource. A remote user on the local network can execute a shell with root privileges.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Aterm CR2500P: All versions

Aterm MR01LN: All versions

Aterm MR02LN: All versions

Aterm W300P: All versions

Aterm W1200EX(-MS): All versions

Aterm WF300HP: All versions

Aterm WF300HP2: All versions

Aterm WF800HP: All versions

Aterm WF1200HP: All versions

Aterm WF1200HP2: All versions

Aterm WG300HP: All versions

Aterm WG600HP: All versions

Aterm WG1200HP: All versions

Aterm WG1200HP2: All versions

Aterm WG1200HP3: All versions

Aterm WG1200HS: All versions

Aterm WG1200HS2: All versions

Aterm WG1200HS3: All versions

Aterm WG1400HP: All versions

Aterm WG1800HP: All versions

Aterm WG1800HP2: All versions

Aterm WG1800HP3: All versions

Aterm WG1800HP4: All versions

Aterm WG1810HP(JE): All versions

Aterm WG1810HP(MF): All versions

Aterm WG1900HP: All versions

Aterm WG1900HP2: All versions

Aterm WG2200HP: All versions

Aterm WM3400RN: All versions

Aterm WM3450RN: All versions

Aterm WM3500R: All versions

Aterm WM3600R: All versions

Aterm WM3800R: All versions

Aterm WR1200H: All versions

Aterm WR4100N: All versions

Aterm WR4500N: All versions

Aterm WR6600H: All versions

Aterm WR6650S: All versions

Aterm WR6670S: All versions

Aterm WR7800H: All versions

Aterm WR7850S: All versions

Aterm WR7870S: All versions

Aterm WR8100N: All versions

Aterm WR8150N: All versions

Aterm WR8160N: All versions

Aterm WR8165N: All versions

Aterm WR8166N: All versions

Aterm WR8170N: All versions

Aterm WR8175N: All versions

Aterm WR8200N: All versions

Aterm WR8300N: All versions

Aterm WR8370N: All versions

Aterm WR8400N: All versions

Aterm WR8500N: All versions

Aterm WR8600N: All versions

Aterm WR8700N: All versions

Aterm WR8750N: All versions

Aterm WR9300N: All versions

Aterm WR9500N: All versions


External links
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

