#VU88164 Use of Weak Credentials in NEC Corporation products - CVE-2024-28012
Published: April 5, 2024
Vulnerability identifier: #VU88164
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-28012
CWE-ID: CWE-1391
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Aterm CR2500P
Aterm MR01LN
Aterm MR02LN
Aterm W300P
Aterm W1200EX(-MS)
Aterm WF300HP
Aterm WF300HP2
Aterm WF1200HP
Aterm WF1200HP2
Aterm WG300HP
Aterm WG600HP
Aterm WG1200HP
Aterm WG1200HP2
Aterm WG1200HP3
Aterm WG1200HS
Aterm WG1200HS2
Aterm WG1200HS3
Aterm WG1400HP
Aterm WG1800HP
Aterm WG1800HP2
Aterm WG1800HP3
Aterm WG1800HP4
Aterm WG1810HP(JE)
Aterm WG1810HP(MF)
Aterm WG1900HP
Aterm WG1900HP2
Aterm WG2200HP
Aterm WM3400RN
Aterm WM3450RN
Aterm WM3500R
Aterm WM3600R
Aterm WM3800R
Aterm WR1200H
Aterm WR4100N
Aterm WR4500N
Aterm WR6600H
Aterm WR6650S
Aterm WR6670S
Aterm WR7800H
Aterm WR7850S
Aterm WR7870S
Aterm WR8100N
Aterm WR8150N
Aterm WR8160N
Aterm WR8165N
Aterm WR8166N
Aterm WR8170N
Aterm WR8175N
Aterm WR8200N
Aterm WR8300N
Aterm WR8370N
Aterm WR8400N
Aterm WR8500N
Aterm WR8600N
Aterm WR8700N
Aterm WR8750N
Aterm WR9300N
Aterm WR9500N
Aterm WF800HP
Aterm CR2500P
Aterm MR01LN
Aterm MR02LN
Aterm W300P
Aterm W1200EX(-MS)
Aterm WF300HP
Aterm WF300HP2
Aterm WF1200HP
Aterm WF1200HP2
Aterm WG300HP
Aterm WG600HP
Aterm WG1200HP
Aterm WG1200HP2
Aterm WG1200HP3
Aterm WG1200HS
Aterm WG1200HS2
Aterm WG1200HS3
Aterm WG1400HP
Aterm WG1800HP
Aterm WG1800HP2
Aterm WG1800HP3
Aterm WG1800HP4
Aterm WG1810HP(JE)
Aterm WG1810HP(MF)
Aterm WG1900HP
Aterm WG1900HP2
Aterm WG2200HP
Aterm WM3400RN
Aterm WM3450RN
Aterm WM3500R
Aterm WM3600R
Aterm WM3800R
Aterm WR1200H
Aterm WR4100N
Aterm WR4500N
Aterm WR6600H
Aterm WR6650S
Aterm WR6670S
Aterm WR7800H
Aterm WR7850S
Aterm WR7870S
Aterm WR8100N
Aterm WR8150N
Aterm WR8160N
Aterm WR8165N
Aterm WR8166N
Aterm WR8170N
Aterm WR8175N
Aterm WR8200N
Aterm WR8300N
Aterm WR8370N
Aterm WR8400N
Aterm WR8500N
Aterm WR8600N
Aterm WR8700N
Aterm WR8750N
Aterm WR9300N
Aterm WR9500N
Aterm WF800HP
Software vendor:
NEC Corporation
NEC Corporation
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to weak credentials. A remote attacker on the local network can guess the ID and password, and log in to telnet service.
Remediation
Install updates from vendor's website.