Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for RakurakuMusen Start EX by NEC Corporation

    JVNDB-2025-000107

    Vulnerability from jvndb - Published: 2025-11-19 16:22 - Updated:2025-11-19 16:22
    Severity
    Summary
    Installer of RakurakuMusen Start EX for Windows may insecurely load Dynamic Link Libraries
    Details
    Installer of RakurakuMusen Start EX for Windows provided by NEC Corporation uses an inappropriate DLL search path list, which may lead to insecurely loading Dynamic Link Libraries.
    • Uncontrolled search path element (CWE-427) - CVE-2025-12852
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000107.html",
      "dc:date": "2025-11-19T16:22+09:00",
      "dcterms:issued": "2025-11-19T16:22+09:00",
      "dcterms:modified": "2025-11-19T16:22+09:00",
      "description": "Installer of RakurakuMusen Start EX for Windows provided by NEC Corporation uses an inappropriate DLL search path list, which may lead to insecurely loading Dynamic Link Libraries.\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2025-12852\u003c/li\u003e\u003c/ul\u003e",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000107.html",
      "sec:cpe": {
        "#text": "cpe:/a:nec:rakuraku_wlanstart_ex",
        "@product": "RakurakuMusen Start EX",
        "@vendor": "NEC Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000107",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN50288352/index.html",
          "@id": "JVN#50288352",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "Japan Vulnerability Notes JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-12852",
          "@id": "CVE-2025-12852",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of RakurakuMusen Start EX for Windows may insecurely load Dynamic Link Libraries"
    }

    CVE-2025-12852 (GCVE-0-2025-12852)

    Vulnerability from nvd – Published: 2025-11-19 01:01 – Updated: 2025-11-19 17:13
    VLAI
    Summary
    DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    NEC
    Impacted products
    Credits
    Kohei Kuroda
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-19T17:13:04.376581Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-19T17:13:10.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RakurakuMusen Start EX",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kohei Kuroda"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user\u0027s device."
                }
              ],
              "value": "DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user\u0027s device."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-19T01:01:46.374Z",
            "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
            "shortName": "NEC"
          },
          "references": [
            {
              "url": "https://jpn.nec.com/security-info/secinfo/nv25-007_en.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "assignerShortName": "NEC",
        "cveId": "CVE-2025-12852",
        "datePublished": "2025-11-19T01:01:46.374Z",
        "dateReserved": "2025-11-07T04:30:21.085Z",
        "dateUpdated": "2025-11-19T17:13:10.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12852 (GCVE-0-2025-12852)

    Vulnerability from cvelistv5 – Published: 2025-11-19 01:01 – Updated: 2025-11-19 17:13
    VLAI
    Summary
    DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    NEC
    Impacted products
    Credits
    Kohei Kuroda
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-19T17:13:04.376581Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-19T17:13:10.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "RakurakuMusen Start EX",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Kohei Kuroda"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user\u0027s device."
                }
              ],
              "value": "DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user\u0027s device."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-19T01:01:46.374Z",
            "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
            "shortName": "NEC"
          },
          "references": [
            {
              "url": "https://jpn.nec.com/security-info/secinfo/nv25-007_en.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "assignerShortName": "NEC",
        "cveId": "CVE-2025-12852",
        "datePublished": "2025-11-19T01:01:46.374Z",
        "dateReserved": "2025-11-07T04:30:21.085Z",
        "dateUpdated": "2025-11-19T17:13:10.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }