    1 vulnerability found for Aterm WR4100N by NEC Corporation

    JVNDB-2024-000037

    Vulnerability from jvndb - Published: 2024-04-05 14:53 - Updated: 2024-04-05 14:53
    Severity
    8.8 High (CVSS v3.0 Base, CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
    Summary
    Multiple vulnerabilities in NEC Aterm series
    Details
    Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.
    • Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28005
    • Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28006
    • Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28007
    • Active Debug Code (CWE-489) - CVE-2024-28008
    • Use of Weak Credentials (CWE-1391) - CVE-2024-28009, CVE-2024-28012
    • Use of Hard-coded Credentials (CWE-798) - CVE-2024-28010
    • Inclusion of Undocumented Features (CWE-1242) - CVE-2024-28011
    • Insufficient Session Expiration (CWE-613) - CVE-2024-28013
    • Buffer Overflow (CWE-120) - CVE-2024-28014
    • OS Command Injection in the web management console (CWE-78) - CVE-2024-28015
    • Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28016
    The following people reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    • CVE-2024-28005, CVE-2024-28008: Ryo Kashiro, and Katsuhiko Sato, and Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
    • CVE-2024-28006, CVE-2024-28007, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012: Ryo Kashiro, and Katsuhiko Sato
    • CVE-2024-28013: Yudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
    • CVE-2024-28014, CVE-2024-28015, CVE-2024-28016: Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
    Impacted products
    NEC Corporation Aterm WM3400RN
    NEC Corporation Aterm WM3450RN
    NEC Corporation Aterm WM3600R
    NEC Corporation Aterm WR8160N
    NEC Corporation Aterm CR2500P
    NEC Corporation Aterm MR01LN
    NEC Corporation Aterm MR02LN
    NEC Corporation Aterm W1200EX(-MS)
    NEC Corporation Aterm W300P
    NEC Corporation Aterm WF1200HP
    NEC Corporation Aterm WF1200HP2
    NEC Corporation Aterm WF300HP2
    NEC Corporation Aterm WF300HP
    NEC Corporation Aterm WF800HP
    NEC Corporation Aterm WG1200HP2
    NEC Corporation Aterm WG1200HP3
    NEC Corporation Aterm WG1200HP
    NEC Corporation Aterm WG1200HS2
    NEC Corporation Aterm WG1200HS3
    NEC Corporation Aterm WG1200HS
    NEC Corporation Aterm WG1400HP
    NEC Corporation Aterm WG1800HP2
    NEC Corporation Aterm WG1800HP3
    NEC Corporation Aterm WG1800HP4
    NEC Corporation Aterm WG1800HP
    NEC Corporation Aterm WG1810HP(JE)
    NEC Corporation Aterm WG1810HP(MF)
    NEC Corporation Aterm WG1900HP2
    NEC Corporation Aterm WG1900HP
    NEC Corporation Aterm WG2200HP
    NEC Corporation Aterm WG300HP
    NEC Corporation Aterm WG600HP
    NEC Corporation Aterm WM3500R
    NEC Corporation Aterm WM3800R
    NEC Corporation Aterm WR1200H
    NEC Corporation Aterm WR4100N
    NEC Corporation Aterm WR4500N
    NEC Corporation Aterm WR6600H
    NEC Corporation Aterm WR6650S
    NEC Corporation Aterm WR6670S
    NEC Corporation Aterm WR7800H
    NEC Corporation Aterm WR7850S
    NEC Corporation Aterm WR7870S
    NEC Corporation Aterm WR8100N
    NEC Corporation Aterm WR8150N
    NEC Corporation Aterm WR8165N
    NEC Corporation Aterm WR8166N
    NEC Corporation Aterm WR8170N
    NEC Corporation Aterm WR8175N
    NEC Corporation Aterm WR8200N
    NEC Corporation Aterm WR8300N
    NEC Corporation Aterm WR8370N
    NEC Corporation Aterm WR8400N
    NEC Corporation Aterm WR8500N
    NEC Corporation Aterm WR8600N
    NEC Corporation Aterm WR8700N
    NEC Corporation Aterm WR8750N
    NEC Corporation Aterm WR9300N
    NEC Corporation Aterm WR9500N

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000037.html",
      "dc:date": "2024-04-05T14:53+09:00",
      "dcterms:issued": "2024-04-05T14:53+09:00",
      "dcterms:modified": "2024-04-05T14:53+09:00",
      "description": "Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eIncorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28005\u003c/li\u003e\r\n\u003cli\u003eExposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28006\u003c/li\u003e\r\n\u003cli\u003eIncorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28007\u003c/li\u003e\r\n\u003cli\u003eActive Debug Code (CWE-489) - CVE-2024-28008\u003c/li\u003e\r\n\u003cli\u003eUse of Weak Credentials (CWE-1391) - CVE-2024-28009, CVE-2024-28012\u003c/li\u003e\r\n\u003cli\u003eUse of Hard-coded Credentials (CWE-798) - CVE-2024-28010\u003c/li\u003e\r\n\u003cli\u003eInclusion of Undocumented Features (CWE-1242) - CVE-2024-28011\u003c/li\u003e\r\n\u003cli\u003eInsufficient Session Expiration (CWE-613) - CVE-2024-28013\u003c/li\u003e\r\n\u003cli\u003eBuffer Overflow (CWE-120) - CVE-2024-28014\u003c/li\u003e\r\n\u003cli\u003eOS Command Injection in the web management console (CWE-78) - CVE-2024-28015\u003c/li\u003e\r\n\u003cli\u003eExposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28016\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nThe following people reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-28005, CVE-2024-28008\r\nRyo Kashiro, and Katsuhiko Sato, and Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University\r\n\r\nCVE-2024-28006, CVE-2024-28007, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012\r\nRyo Kashiro, and Katsuhiko Sato\r\n\r\nCVE-2024-28013\r\nYudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University\r\n\r\nCVE-2024-28014, CVE-2024-28015, CVE-2024-28016\r\nTakayuki Sasaki, and Katsunari Yoshioka of Yokohama National University",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000037.html",
      "sec:cpe": [
        {
          "#text": "cpe:/h:nec:atermwm3400rn",
          "@product": "Aterm WM3400RN",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:nec:atermwm3450rn",
          "@product": "Aterm WM3450RN",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:nec:atermwm3600r",
          "@product": "Aterm WM3600R",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:nec:atermwr8160n",
          "@product": "Aterm WR8160N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_cr2500p",
          "@product": "Aterm CR2500P",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_mr01ln",
          "@product": "Aterm MR01LN",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_mr02ln",
          "@product": "Aterm MR02LN",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_w1200ex(-ms)",
          "@product": "Aterm W1200EX(-MS)",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_w300p_firmware",
          "@product": "Aterm W300P",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wf1200hp",
          "@product": "Aterm WF1200HP",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wf1200hp2",
          "@product": "Aterm WF1200HP2",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wf300hp2_firmware",
          "@product": "Aterm WF300HP2",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wf300hp_firmware",
          "@product": "Aterm WF300HP",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wf800hp_firmware",
          "@product": "Aterm WF800HP",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1200hp2_firmware",
          "@product": "Aterm WG1200HP2",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1200hp3_firmware",
          "@product": "Aterm WG1200HP3",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1200hp_firmware",
          "@product": "Aterm WG1200HP",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1200hs2_firmware",
          "@product": "Aterm WG1200HS2",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1200hs3_firmware",
          "@product": "Aterm WG1200HS3",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1200hs_firmware",
          "@product": "Aterm WG1200HS",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1400hp_firmware",
          "@product": "Aterm WG1400HP",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1800hp2_firmware",
          "@product": "Aterm WG1800HP2",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1800hp3_firmware",
          "@product": "Aterm WG1800HP3",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1800hp4_firmware",
          "@product": "Aterm WG1800HP4",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1800hp_firmware",
          "@product": "Aterm WG1800HP",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1810hp(je)",
          "@product": "Aterm WG1810HP(JE)",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1810hp(mf)",
          "@product": "Aterm WG1810HP(MF)",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1900hp2_firmware",
          "@product": "Aterm WG1900HP2",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg1900hp_firmware",
          "@product": "Aterm WG1900HP",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg2200hp_firmware",
          "@product": "Aterm WG2200HP",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg300hp_firmware",
          "@product": "Aterm WG300HP",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wg600hp_firmware",
          "@product": "Aterm WG600HP",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wm3500r",
          "@product": "Aterm WM3500R",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wm3800r",
          "@product": "Aterm WM3800R",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr1200h",
          "@product": "Aterm WR1200H",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr4100n",
          "@product": "Aterm WR4100N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr4500n",
          "@product": "Aterm WR4500N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr6600h",
          "@product": "Aterm WR6600H",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr6650s",
          "@product": "Aterm WR6650S",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr6670s",
          "@product": "Aterm WR6670S",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr7800h",
          "@product": "Aterm WR7800H",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr7850s",
          "@product": "Aterm WR7850S",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr7870s",
          "@product": "Aterm WR7870S",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8100n",
          "@product": "Aterm WR8100N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8150n",
          "@product": "Aterm WR8150N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8165n_firmware",
          "@product": "Aterm WR8165N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8166n",
          "@product": "Aterm WR8166N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8170n_firmware",
          "@product": "Aterm WR8170N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8175n_firmware",
          "@product": "Aterm WR8175N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8200n",
          "@product": "Aterm WR8200N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8300n",
          "@product": "Aterm WR8300N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8370n_firmware",
          "@product": "Aterm WR8370N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8400n",
          "@product": "Aterm WR8400N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8500n",
          "@product": "Aterm WR8500N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8600n_firmware",
          "@product": "Aterm WR8600N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8700n_firmware",
          "@product": "Aterm WR8700N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr8750n_firmware",
          "@product": "Aterm WR8750N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr9300n_firmware",
          "@product": "Aterm WR9300N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:nec:aterm_wr9500n_firmware",
          "@product": "Aterm WR9500N",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "8.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000037",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN82074338/index.html",
          "@id": "JVN#82074338",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28005",
          "@id": "CVE-2024-28005",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28006",
          "@id": "CVE-2024-28006",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28007",
          "@id": "CVE-2024-28007",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28008",
          "@id": "CVE-2024-28008",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28009",
          "@id": "CVE-2024-28009",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28010",
          "@id": "CVE-2024-28010",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28011",
          "@id": "CVE-2024-28011",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28012",
          "@id": "CVE-2024-28012",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28013",
          "@id": "CVE-2024-28013",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28014",
          "@id": "CVE-2024-28014",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28015",
          "@id": "CVE-2024-28015",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-280016",
          "@id": "CVE-2024-28016",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-119",
          "@title": "Buffer Errors(CWE-119)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in NEC Aterm series"
    }