Published: 2025/02/14  Last Updated: 2025/02/14

JVN#65447879
Multiple vulnerabilities in NEC Aterm series (NV25-003)

Overview

The Aterm series of home routers and Wi-Fi products provided by NEC Corporation contains multiple vulnerabilities. The affected models and firmware versions differ per CVE; see Products Affected below.

Products Affected

CVE-2025-0354

  • WG2600HS firmware prior to Ver.1.7.2
  • WG2600HP4 firmware prior to Ver.1.4.2
  • WG2600HM4 firmware prior to Ver.1.4.2
  • WG2600HS2 firmware prior to Ver.1.3.2
  • WX3000HP firmware prior to Ver.2.4.2
  • WX4200D5 firmware prior to Ver.1.2.4
CVE-2025-0355
  • WG2600HS firmware prior to Ver.1.7.2
  • WF1200CR firmware prior to Ver.1.6.0
  • WG1200CR firmware prior to Ver.1.5.0
  • GB1200PE firmware prior to Ver.1.3.0
  • WG2600HP4 firmware prior to Ver.1.4.2
  • WG2600HM4 firmware prior to Ver.1.4.2
  • WG2600HS2 firmware prior to Ver.1.3.2
  • WX3000HP firmware prior to Ver.2.4.2
  • WX4200D5 firmware prior to Ver.1.2.4
CVE-2025-0356
  • WX1500HP firmware prior to Ver.1.4.2
  • WX3600HP firmware prior to Ver.1.5.3
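The per-CVE version ranges above are easy to misapply when checking a fleet by hand, and a naive string comparison ranks "Ver.1.10.0" below "Ver.1.7.2". The following triage helper is an added example, not code from JVN or NEC: it transcribes the advisory's "prior to" thresholds into a table, parses the vendor's "Ver.x.y.z" strings into numeric tuples, and reports which of the three CVEs still apply to each device. The hostnames, the sample firmware versions and the model "SOME-OTHER-MODEL" in the sample inventory are constructed for illustration.

```python
"""Firmware-version triage for JVN#65447879 / NV25-003 (added example, not from the advisory)."""
import re

# Affected ranges transcribed from the advisory: model -> {CVE: first fixed version}.
# A device is affected by a CVE when its firmware is strictly older than the fixed version.
FIXED_VERSIONS = {
    "WG2600HS":  {"CVE-2025-0354": "1.7.2", "CVE-2025-0355": "1.7.2"},
    "WG2600HP4": {"CVE-2025-0354": "1.4.2", "CVE-2025-0355": "1.4.2"},
    "WG2600HM4": {"CVE-2025-0354": "1.4.2", "CVE-2025-0355": "1.4.2"},
    "WG2600HS2": {"CVE-2025-0354": "1.3.2", "CVE-2025-0355": "1.3.2"},
    "WX3000HP":  {"CVE-2025-0354": "2.4.2", "CVE-2025-0355": "2.4.2"},
    "WX4200D5":  {"CVE-2025-0354": "1.2.4", "CVE-2025-0355": "1.2.4"},
    "WF1200CR":  {"CVE-2025-0355": "1.6.0"},
    "WG1200CR":  {"CVE-2025-0355": "1.5.0"},
    "GB1200PE":  {"CVE-2025-0355": "1.3.0"},
    "WX1500HP":  {"CVE-2025-0356": "1.4.2"},
    "WX3600HP":  {"CVE-2025-0356": "1.5.3"},
}


def parse_version(text):
    """Turn 'Ver.1.7.2', 'v1.7.2' or '1.7.2' into a tuple of ints for numeric comparison.
    Comparing the raw strings would wrongly rank '1.10.0' below '1.7.2'."""
    m = re.fullmatch(r"\s*(?:ver\.?|v)?\s*(\d+(?:\.\d+)*)\s*", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def affected_cves(model, firmware):
    """Return the sorted CVEs from this advisory that apply to the given model/firmware.
    A model not listed in the advisory returns [] (out of scope here, not proven safe)."""
    fixes = FIXED_VERSIONS.get(model.upper().strip())
    if fixes is None:
        return []
    current = parse_version(firmware)
    return sorted(cve for cve, fixed in fixes.items() if current < parse_version(fixed))


def triage(inventory):
    """inventory: iterable of (hostname, model, firmware).
    Returns {hostname: [CVEs]} for every device that still needs a firmware update."""
    results = {}
    for host, model, firmware in inventory:
        cves = affected_cves(model, firmware)
        if cves:
            results[host] = cves
    return results


# Constructed sample inventory: hostnames, versions and the last model are hypothetical.
SAMPLE_INVENTORY = [
    ("ap-01", "WG2600HS", "Ver.1.6.0"),     # older than 1.7.2 -> CVE-2025-0354 and -0355
    ("ap-02", "WG2600HS", "Ver.1.7.2"),     # exactly the fixed version -> clean
    ("ap-03", "WG2600HS", "Ver.1.10.0"),    # newer; a string compare would misflag this
    ("ap-04", "WX3600HP", "1.5.2"),         # older than 1.5.3 -> CVE-2025-0356
    ("ap-05", "GB1200PE", "v1.3.0"),        # fixed
    ("ap-06", "SOME-OTHER-MODEL", "1.0.0"), # not covered by this advisory
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: firmware update required ({', '.join(cves)})")
```

An unlisted model yields an empty result only because it is outside this advisory's scope; it says nothing about other NEC bulletins, so keep the table in sync with the vendor's current list when reusing this.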

Description

The Aterm series provided by NEC Corporation contains the vulnerabilities listed below (CVSS v3.0 base metrics as assessed by JPCERT/CC).

  • Stored Cross-site Scripting (CWE-79)
    • CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Base Score 4.8
    • CVE-2025-0354
  • Missing Authentication for Critical Function (CWE-306)
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5
    • CVE-2025-0355
  • OS Command Injection (CWE-78)
    • CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
    • CVE-2025-0356

Impact

  • If a logged-in user with high privileges stores crafted input on the affected product and another user later views the management page that displays it, arbitrary script runs in that victim's browser in the context of the management interface (CVE-2025-0354)
  • An attacker with network access to the affected product may obtain its Wi-Fi passwords without authenticating (CVE-2025-0355)
  • If a logged-in user with high privileges sends a specially crafted request to the affected product, an arbitrary OS command may be executed on the affected product (CVE-2025-0356)

Solution

Update the firmware
Update the firmware to the fixed version or later (see Products Affected) according to the information provided by the developer.

Apply the workaround
The developer recommends that users apply the workaround described in the developer's information if the firmware cannot be updated.

Stop using the products
Some affected products are no longer supported and will not receive fixed firmware. Stop using those products and consider switching to supported alternatives.

For more information, refer to the information provided by the developer.

Vendor Status

Vendor           Status      Last Update  Vendor Notes
NEC Corporation  Vulnerable  2025/02/14

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2025-0354, CVE-2025-0355
Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVE-2025-0356
Kakeru Kajihara of NTT Security Holdings reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JVN iPedia: JVNDB-2025-000002