Search
Find a vulnerability
Search criteria
4 vulnerabilities found for WG2600HS2 by NEC Corporation
CVE-2025-0355 (GCVE-0-2025-0355)
Vulnerability from nvd – Published: 2025-01-15 07:23 – Updated: 2025-01-21 03:34
VLAI
Summary
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | WG2600HS |
Affected:
Ver.1.7.2 and earlier
|
|
| NEC Corporation | WF1200CR |
Affected:
Ver.1.6.0 and earlier
|
|
| NEC Corporation | WG1200CR |
Affected:
Ver.1.5.0 and earlier
|
|
| NEC Corporation | GB1200PE |
Affected:
Ver.1.3.0 and earlier
|
|
| NEC Corporation | WG2600HP4 |
Affected:
Ver.1.4.2 and earlier
|
|
| NEC Corporation | WG2600HM4 |
Affected:
Ver.1.4.2 and earlier
|
|
| NEC Corporation | WG2600HS2 |
Affected:
Ver.1.3.2 and earlier
|
|
| NEC Corporation | WX3000HP |
Affected:
Ver.2.4.2 and earlier
|
|
| NEC Corporation | WX4200D5 |
Affected:
Ver.1.2.4 and earlier
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T15:01:29.278695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T15:01:48.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WG2600HS",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.7.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF1200CR",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.6.0 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200CR",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.5.0 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "GB1200PE",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.3.0 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HP4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HM4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HS2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.3.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WX3000HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.2.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WX4200D5",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.2.4 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network."
}
],
"value": "Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T03:34:13.440Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2025-0355",
"datePublished": "2025-01-15T07:23:39.481Z",
"dateReserved": "2025-01-09T06:20:49.647Z",
"dateUpdated": "2025-01-21T03:34:13.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0354 (GCVE-0-2025-0354)
Vulnerability from nvd – Published: 2025-01-15 07:21 – Updated: 2025-04-03 15:38
VLAI
Summary
Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | WG2600HS |
Affected:
Ver.1.7.2 and earlier
|
|
| NEC Corporation | WG2600HP4 |
Affected:
Ver.1.4.2 and earlier
|
|
| NEC Corporation | WG2600HM4 |
Affected:
Ver.1.4.2 and earlier
|
|
| NEC Corporation | WG2600HS2 |
Affected:
Ver.1.3.2 and earlier
|
|
| NEC Corporation | WX3000HP |
Affected:
Ver.2.4.2 and earlier
|
|
| NEC Corporation | WX4200D5 |
Affected:
Ver.1.2.4 and earlier
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T15:37:52.480740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T15:38:02.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WG2600HS",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.7.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HP4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HM4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HS2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.3.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WX3000HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.2.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WX4200D5",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.2.4 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network."
}
],
"value": "Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T10:02:08.927Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2025-0354",
"datePublished": "2025-01-15T07:21:41.810Z",
"dateReserved": "2025-01-09T06:20:47.803Z",
"dateUpdated": "2025-04-03T15:38:02.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0355 (GCVE-0-2025-0355)
Vulnerability from cvelistv5 – Published: 2025-01-15 07:23 – Updated: 2025-01-21 03:34
VLAI
Summary
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | WG2600HS |
Affected:
Ver.1.7.2 and earlier
|
|
| NEC Corporation | WF1200CR |
Affected:
Ver.1.6.0 and earlier
|
|
| NEC Corporation | WG1200CR |
Affected:
Ver.1.5.0 and earlier
|
|
| NEC Corporation | GB1200PE |
Affected:
Ver.1.3.0 and earlier
|
|
| NEC Corporation | WG2600HP4 |
Affected:
Ver.1.4.2 and earlier
|
|
| NEC Corporation | WG2600HM4 |
Affected:
Ver.1.4.2 and earlier
|
|
| NEC Corporation | WG2600HS2 |
Affected:
Ver.1.3.2 and earlier
|
|
| NEC Corporation | WX3000HP |
Affected:
Ver.2.4.2 and earlier
|
|
| NEC Corporation | WX4200D5 |
Affected:
Ver.1.2.4 and earlier
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T15:01:29.278695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T15:01:48.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WG2600HS",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.7.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF1200CR",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.6.0 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200CR",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.5.0 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "GB1200PE",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.3.0 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HP4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HM4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HS2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.3.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WX3000HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.2.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WX4200D5",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.2.4 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network."
}
],
"value": "Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T03:34:13.440Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2025-0355",
"datePublished": "2025-01-15T07:23:39.481Z",
"dateReserved": "2025-01-09T06:20:49.647Z",
"dateUpdated": "2025-01-21T03:34:13.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0354 (GCVE-0-2025-0354)
Vulnerability from cvelistv5 – Published: 2025-01-15 07:21 – Updated: 2025-04-03 15:38
VLAI
Summary
Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | WG2600HS |
Affected:
Ver.1.7.2 and earlier
|
|
| NEC Corporation | WG2600HP4 |
Affected:
Ver.1.4.2 and earlier
|
|
| NEC Corporation | WG2600HM4 |
Affected:
Ver.1.4.2 and earlier
|
|
| NEC Corporation | WG2600HS2 |
Affected:
Ver.1.3.2 and earlier
|
|
| NEC Corporation | WX3000HP |
Affected:
Ver.2.4.2 and earlier
|
|
| NEC Corporation | WX4200D5 |
Affected:
Ver.1.2.4 and earlier
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T15:37:52.480740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T15:38:02.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WG2600HS",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.7.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HP4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HM4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2600HS2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.3.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WX3000HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.2.4.2 and earlier"
}
]
},
{
"defaultStatus": "unknown",
"product": "WX4200D5",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.1.2.4 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network."
}
],
"value": "Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T10:02:08.927Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2025-0354",
"datePublished": "2025-01-15T07:21:41.810Z",
"dateReserved": "2025-01-09T06:20:47.803Z",
"dateUpdated": "2025-04-03T15:38:02.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}