JVN#82074338
Multiple vulnerabilities in NEC Aterm series

Overview

Aterm series provided by NEC Corporation contains multiple vulnerabilities.

Products Affected

All versions of following Aterm series are affected by the vulnerabilities.

• CR2500P
• MR01LN
• MR02LN
• W300P
• W1200EX(-MS)
• WF300HP
• WF300HP2
• WF800HP
• WF1200HP
• WF1200HP2
• WG300HP
• WG600HP
• WG1200HP
• WG1200HP2
• WG1200HP3
• WG1200HS
• WG1200HS2
• WG1200HS3
• WG1400HP
• WG1800HP
• WG1800HP2
• WG1800HP3
• WG1800HP4
• WG1810HP(JE)
• WG1810HP(MF)
• WG1900HP
• WG1900HP2
• WG2200HP
• WM3400RN
• WM3450RN
• WM3500R
• WM3600R
• WM3800R
• WR1200H
• WR4100N
• WR4500N
• WR6600H
• WR6650S
• WR6670S
• WR7800H
• WR7850S
• WR7870S
• WR8100N
• WR8150N
• WR8160N
• WR8165N
• WR8166N
• WR8170N
• WR8175N
• WR8200N
• WR8300N
• WR8370N
• WR8400N
• WR8500N
• WR8600N
• WR8700N
• WR8750N
• WR9300N
• WR9500N

Description

Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.

• Incorrect Permission Assignment for Critical Resource (CWE-732)
  • CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0
  • CVE-2024-28005
• Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
  • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
  • CVE-2024-28006
• Incorrect Permission Assignment for Critical Resource (CWE-732)
  • CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0
  • CVE-2024-28007
• Active Debug Code (CWE-489)
  • CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0
  • CVE-2024-28008
• Use of Weak Credentials (CWE-1391)
  • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
  • CVE-2024-28009, CVE-2024-28012
• Use of Hard-coded Credentials (CWE-798)
  • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
  • CVE-2024-28010
• Inclusion of Undocumented Features (CWE-1242)
  • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score 4.3
  • CVE-2024-28011
• Insufficient Session Expiration (CWE-613)
  • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 4.3
  • CVE-2024-28013
• Buffer Overflow (CWE-120)
  • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
  • CVE-2024-28014
• OS Command Injection in the web management console (CWE-78)
  • CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.8
  • CVE-2024-28015
• Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
  • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 4.3
  • CVE-2024-28016

Impact

• If a user logs in to the product through the telnet service and alters the device configuration, a shell may be executed with the root privilege (CVE-2024-28005)
• An unauthenticated attacker may obtain sensitive information (CVE-2024-28006)
• If a user enables telnet service and logs in, a shell may be executed with the root privilege (CVE-2024-28007)
• If a user logs in to the product through the telnet service, the debug function may be used (CVE-2024-28008)
• An unauthenticated attacker may guess the ID and password, and log in to telnet service (CVE-2024-28009, CVE-2024-28010, CVE-2024-28012)
• An unauthenticated attacker may access telnet service unlimitedly (CVE-2024-28011)
• An attacker may alter the device settings without logging in (CVE-2024-28013)
• An unauthenticated attacker may execute an arbitrary code (CVE-2024-28014)
• A logged-in user may execute an arbitrary command through the device's management page (CVE-2024-28015)
• An unauthenticated attacker may obtain information such as model numbers (CVE-2024-28016)

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Apply the Workaround
The developer also recommends users apply the workaround.

Stop using the products
Some affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.

For more information, refer to the information provided by the developer.