All the vulnerabilities related to NEC Corporation - Aterm CR2500P
jvndb-2024-000037
Vulnerability from jvndb
Published: 2024-04-05 14:53
Modified: 2024-04-05 14:53
Summary
Multiple vulnerabilities in NEC Aterm series
Details
Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.

- Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28005
- Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28006
- Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28007
- Active Debug Code (CWE-489) - CVE-2024-28008
- Use of Weak Credentials (CWE-1391) - CVE-2024-28009, CVE-2024-28012
- Use of Hard-coded Credentials (CWE-798) - CVE-2024-28010
- Inclusion of Undocumented Features (CWE-1242) - CVE-2024-28011
- Insufficient Session Expiration (CWE-613) - CVE-2024-28013
- Buffer Overflow (CWE-120) - CVE-2024-28014
- OS Command Injection in the web management console (CWE-78) - CVE-2024-28015
- Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28016

The following people reported the vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2024-28005, CVE-2024-28008: Ryo Kashiro, and Katsuhiko Sato, and Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
CVE-2024-28006, CVE-2024-28007, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012: Ryo Kashiro, and Katsuhiko Sato
CVE-2024-28013: Yudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
CVE-2024-28014, CVE-2024-28015, CVE-2024-28016: Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
Impacted products
NEC Corporation - Aterm WM3400RN
NEC Corporation - Aterm WM3450RN
NEC Corporation - Aterm WM3600R
NEC Corporation - Aterm WR8160N
NEC Corporation - Aterm CR2500P
NEC Corporation - Aterm MR01LN
NEC Corporation - Aterm MR02LN
NEC Corporation - Aterm W1200EX(-MS)
NEC Corporation - Aterm W300P
NEC Corporation - Aterm WF1200HP
NEC Corporation - Aterm WF1200HP2
NEC Corporation - Aterm WF300HP2
NEC Corporation - Aterm WF300HP
NEC Corporation - Aterm WF800HP
NEC Corporation - Aterm WG1200HP2
NEC Corporation - Aterm WG1200HP3
NEC Corporation - Aterm WG1200HP
NEC Corporation - Aterm WG1200HS2
NEC Corporation - Aterm WG1200HS3
NEC Corporation - Aterm WG1200HS
NEC Corporation - Aterm WG1400HP
NEC Corporation - Aterm WG1800HP2
NEC Corporation - Aterm WG1800HP3
NEC Corporation - Aterm WG1800HP4
NEC Corporation - Aterm WG1800HP
NEC Corporation - Aterm WG1810HP(JE)
NEC Corporation - Aterm WG1810HP(MF)
NEC Corporation - Aterm WG1900HP2
NEC Corporation - Aterm WG1900HP
NEC Corporation - Aterm WG2200HP
NEC Corporation - Aterm WG300HP
NEC Corporation - Aterm WG600HP
NEC Corporation - Aterm WM3500R
NEC Corporation - Aterm WM3800R
NEC Corporation - Aterm WR1200H
NEC Corporation - Aterm WR4100N
NEC Corporation - Aterm WR4500N
NEC Corporation - Aterm WR6600H
NEC Corporation - Aterm WR6650S
NEC Corporation - Aterm WR6670S
NEC Corporation - Aterm WR7800H
NEC Corporation - Aterm WR7850S
NEC Corporation - Aterm WR7870S
NEC Corporation - Aterm WR8100N
NEC Corporation - Aterm WR8150N
NEC Corporation - Aterm WR8165N
NEC Corporation - Aterm WR8166N
NEC Corporation - Aterm WR8170N
NEC Corporation - Aterm WR8175N
NEC Corporation - Aterm WR8200N
NEC Corporation - Aterm WR8300N
NEC Corporation - Aterm WR8370N
NEC Corporation - Aterm WR8400N
NEC Corporation - Aterm WR8500N
NEC Corporation - Aterm WR8600N
NEC Corporation - Aterm WR8700N
NEC Corporation - Aterm WR8750N
NEC Corporation - Aterm WR9300N
NEC Corporation - Aterm WR9500N


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000037.html",
  "dc:date": "2024-04-05T14:53+09:00",
  "dcterms:issued": "2024-04-05T14:53+09:00",
  "dcterms:modified": "2024-04-05T14:53+09:00",
  "description": "Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eIncorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28005\u003c/li\u003e\r\n\u003cli\u003eExposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28006\u003c/li\u003e\r\n\u003cli\u003eIncorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28007\u003c/li\u003e\r\n\u003cli\u003eActive Debug Code (CWE-489) - CVE-2024-28008\u003c/li\u003e\r\n\u003cli\u003eUse of Weak Credentials (CWE-1391) - CVE-2024-28009, CVE-2024-28012\u003c/li\u003e\r\n\u003cli\u003eUse of Hard-coded Credentials (CWE-798) - CVE-2024-28010\u003c/li\u003e\r\n\u003cli\u003eInclusion of Undocumented Features (CWE-1242) - CVE-2024-28011\u003c/li\u003e\r\n\u003cli\u003eInsufficient Session Expiration (CWE-613) - CVE-2024-28013\u003c/li\u003e\r\n\u003cli\u003eBuffer Overflow (CWE-120) - CVE-2024-28014\u003c/li\u003e\r\n\u003cli\u003eOS Command Injection in the web management console (CWE-78) - CVE-2024-28015\u003c/li\u003e\r\n\u003cli\u003eExposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28016\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nThe following people reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-28005, CVE-2024-28008\r\nRyo Kashiro, and Katsuhiko Sato, and Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University\r\n\r\nCVE-2024-28006, CVE-2024-28007, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012\r\nRyo Kashiro, and Katsuhiko Sato\r\n\r\nCVE-2024-28013\r\nYudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University\r\n\r\nCVE-2024-28014, CVE-2024-28015, CVE-2024-28016\r\nTakayuki Sasaki, and Katsunari Yoshioka of Yokohama National University",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000037.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:nec:atermwm3400rn",
      "@product": "Aterm WM3400RN",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:nec:atermwm3450rn",
      "@product": "Aterm WM3450RN",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:nec:atermwm3600r",
      "@product": "Aterm WM3600R",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:nec:atermwr8160n",
      "@product": "Aterm WR8160N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_cr2500p",
      "@product": "Aterm CR2500P",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_mr01ln",
      "@product": "Aterm MR01LN",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_mr02ln",
      "@product": "Aterm MR02LN",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_w1200ex(-ms)",
      "@product": "Aterm W1200EX(-MS)",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_w300p_firmware",
      "@product": "Aterm W300P",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wf1200hp",
      "@product": "Aterm WF1200HP",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wf1200hp2",
      "@product": "Aterm WF1200HP2",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wf300hp2_firmware",
      "@product": "Aterm WF300HP2",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wf300hp_firmware",
      "@product": "Aterm WF300HP",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wf800hp_firmware",
      "@product": "Aterm WF800HP",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hp2_firmware",
      "@product": "Aterm WG1200HP2",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hp3_firmware",
      "@product": "Aterm WG1200HP3",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hp_firmware",
      "@product": "Aterm WG1200HP",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hs2_firmware",
      "@product": "Aterm WG1200HS2",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hs3_firmware",
      "@product": "Aterm WG1200HS3",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hs_firmware",
      "@product": "Aterm WG1200HS",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1400hp_firmware",
      "@product": "Aterm WG1400HP",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1800hp2_firmware",
      "@product": "Aterm WG1800HP2",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1800hp3_firmware",
      "@product": "Aterm WG1800HP3",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1800hp4_firmware",
      "@product": "Aterm WG1800HP4",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1800hp_firmware",
      "@product": "Aterm WG1800HP",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1810hp(je)",
      "@product": "Aterm WG1810HP(JE)",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1810hp(mf)",
      "@product": "Aterm WG1810HP(MF)",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1900hp2_firmware",
      "@product": "Aterm WG1900HP2",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1900hp_firmware",
      "@product": "Aterm WG1900HP",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg2200hp_firmware",
      "@product": "Aterm WG2200HP",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg300hp_firmware",
      "@product": "Aterm WG300HP",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg600hp_firmware",
      "@product": "Aterm WG600HP",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wm3500r",
      "@product": "Aterm WM3500R",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wm3800r",
      "@product": "Aterm WM3800R",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr1200h",
      "@product": "Aterm WR1200H",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr4100n",
      "@product": "Aterm WR4100N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr4500n",
      "@product": "Aterm WR4500N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr6600h",
      "@product": "Aterm WR6600H",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr6650s",
      "@product": "Aterm WR6650S",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr6670s",
      "@product": "Aterm WR6670S",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr7800h",
      "@product": "Aterm WR7800H",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr7850s",
      "@product": "Aterm WR7850S",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr7870s",
      "@product": "Aterm WR7870S",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8100n",
      "@product": "Aterm WR8100N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8150n",
      "@product": "Aterm WR8150N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8165n_firmware",
      "@product": "Aterm WR8165N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8166n",
      "@product": "Aterm WR8166N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8170n_firmware",
      "@product": "Aterm WR8170N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8175n_firmware",
      "@product": "Aterm WR8175N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8200n",
      "@product": "Aterm WR8200N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8300n",
      "@product": "Aterm WR8300N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8370n_firmware",
      "@product": "Aterm WR8370N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8400n",
      "@product": "Aterm WR8400N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8500n",
      "@product": "Aterm WR8500N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8600n_firmware",
      "@product": "Aterm WR8600N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8700n_firmware",
      "@product": "Aterm WR8700N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8750n_firmware",
      "@product": "Aterm WR8750N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr9300n_firmware",
      "@product": "Aterm WR9300N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr9500n_firmware",
      "@product": "Aterm WR9500N",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000037",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN82074338/index.html",
      "@id": "JVN#82074338",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28005",
      "@id": "CVE-2024-28005",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28006",
      "@id": "CVE-2024-28006",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28007",
      "@id": "CVE-2024-28007",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28008",
      "@id": "CVE-2024-28008",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28009",
      "@id": "CVE-2024-28009",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28010",
      "@id": "CVE-2024-28010",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28011",
      "@id": "CVE-2024-28011",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28012",
      "@id": "CVE-2024-28012",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28013",
      "@id": "CVE-2024-28013",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28014",
      "@id": "CVE-2024-28014",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28015",
      "@id": "CVE-2024-28015",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-280016",
      "@id": "CVE-2024-28016",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in NEC Aterm series"
}