Published:2021/04/09  Last Updated:2021/04/09

JVN#67456944
Multiple vulnerabilities in multiple Aterm products

Overview

Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities.

Products Affected

  • Aterm WG1900HP2 firmware Ver.1.3.1 and earlier
  • Aterm WG1900HP firmware Ver.2.5.1 and earlier
  • Aterm WG1800HP4 firmware Ver.1.3.1 and earlier
  • Aterm WG1800HP3 firmware Ver.1.5.1 and earlier
  • Aterm WG1200HS3 firmware Ver.1.1.2 and earlier - Only affected by CVE-2021-20680 issue
  • Aterm WG1200HS2 firmware Ver.2.5.0 and earlier
  • Aterm WG1200HP3 firmware Ver.1.3.1 and earlier
  • Aterm WG1200HP2 firmware Ver.2.5.0 and earlier
  • Aterm W1200EX firmware Ver.1.3.1 and earlier
  • Aterm W1200EX-MS firmware Ver.1.3.1 and earlier
  • Aterm WG1200HS firmware all versions
  • Aterm WG1200HP firmware all versions
  • Aterm WF800HP firmware all versions
  • Aterm WF300HP2 firmware all versions
  • Aterm WR8165N firmware all versions
  • Aterm W500P firmware all versions
  • Aterm W300P firmware all versions

Description

Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below.

  • Cross-site Scripting (CWE-79) - CVE-2021-20680
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3
  • OS command injection via UPnP (CWE-78) - CVE-2014-8361
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8

Impact

  • An arbitrary script may be executed on the user's web browser - CVE-2021-20680
  • When UPnP is enabled, an attacker who can access the product may execute arbitrary OS commands - CVE-2014-8361

Solution

Update the firmware
For the users of WG1900HP2, WG1900HP, WG1800HP4, WG1200HS3, WG1200HS2, WG1200HP3, WG1200HP2, W1200EX, and W1200EX-MS:
Update the firmware to the latest version according to the information provided by the developer.
According to the developer, the fixed firmware for WG1800HP3 will be released later. Until then, apply the following workarounds.

Apply workarounds
For the users of WG1200HS, WG1200HP, WF800HP, WF300HP2, WR8165N, W500P, and W300P:
According to the developer, the update firmware for these pruducts is not planned to be released.
Applying the following workarounds may mitigate the impacts of the vulnerabilities.

  • Change the passwords of the web-based management utility and the Wi-Fi encryption key to stronger ones
  • CVE-2021-20680
    • When accessing a website, use a URL obtained from a trusted source and bookmark it. For subsequent accesses, use the bookmarked URL.
    • Close the web browser after the operation is finished on the web-based management utility.
    • Delete the credential of the web-based management utility stored in the web browser.
  • CVE-2014-8361
    • Disable UPnP.

Vendor Status

Vendor Status Last Update Vendor Notes
NEC Corporation Vulnerable 2021/04/09

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2021-20680
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2014-8361
Satoru Nagaoka of Cyber Defense Institute, Inc, Katsuhiko Sato (a.k.a. goroh_kun) and Ryo Kashiro of 00One, Inc. and Rintaro Fujita of Nippon Telegraph and Telephone Corporation reported to IPA that CVE-2014-8361 vulnerability still exists in NEC Corporation products. JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2014-8361
CVE-2021-20680
JVN iPedia JVNDB-2021-000028