All the vulnerabilites related to NEC Corporation - Aterm WG1900HP2
jvndb-2024-000037
Vulnerability from jvndb
Published
2024-04-05 14:53
Modified
2024-04-05 14:53
Severity ?
Summary
Multiple vulnerabilities in NEC Aterm series
Details
Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.
<ul>
<li>Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28005</li>
<li>Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28006</li>
<li>Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28007</li>
<li>Active Debug Code (CWE-489) - CVE-2024-28008</li>
<li>Use of Weak Credentials (CWE-1391) - CVE-2024-28009, CVE-2024-28012</li>
<li>Use of Hard-coded Credentials (CWE-798) - CVE-2024-28010</li>
<li>Inclusion of Undocumented Features (CWE-1242) - CVE-2024-28011</li>
<li>Insufficient Session Expiration (CWE-613) - CVE-2024-28013</li>
<li>Buffer Overflow (CWE-120) - CVE-2024-28014</li>
<li>OS Command Injection in the web management console (CWE-78) - CVE-2024-28015</li>
<li>Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28016</li>
</ul>
The following people reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-28005, CVE-2024-28008
Ryo Kashiro, and Katsuhiko Sato, and Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
CVE-2024-28006, CVE-2024-28007, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012
Ryo Kashiro, and Katsuhiko Sato
CVE-2024-28013
Yudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
CVE-2024-28014, CVE-2024-28015, CVE-2024-28016
Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000037.html", "dc:date": "2024-04-05T14:53+09:00", "dcterms:issued": "2024-04-05T14:53+09:00", "dcterms:modified": "2024-04-05T14:53+09:00", "description": "Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003eIncorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28005\u003c/li\u003e\r\n\u003cli\u003eExposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28006\u003c/li\u003e\r\n\u003cli\u003eIncorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28007\u003c/li\u003e\r\n\u003cli\u003eActive Debug Code (CWE-489) - CVE-2024-28008\u003c/li\u003e\r\n\u003cli\u003eUse of Weak Credentials (CWE-1391) - CVE-2024-28009, CVE-2024-28012\u003c/li\u003e\r\n\u003cli\u003eUse of Hard-coded Credentials (CWE-798) - CVE-2024-28010\u003c/li\u003e\r\n\u003cli\u003eInclusion of Undocumented Features (CWE-1242) - CVE-2024-28011\u003c/li\u003e\r\n\u003cli\u003eInsufficient Session Expiration (CWE-613) - CVE-2024-28013\u003c/li\u003e\r\n\u003cli\u003eBuffer Overflow (CWE-120) - CVE-2024-28014\u003c/li\u003e\r\n\u003cli\u003eOS Command Injection in the web management console (CWE-78) - CVE-2024-28015\u003c/li\u003e\r\n\u003cli\u003eExposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28016\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nThe following people reported the vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-28005, CVE-2024-28008\r\nRyo Kashiro, and Katsuhiko Sato, and Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University\r\n\r\nCVE-2024-28006, CVE-2024-28007, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012\r\nRyo Kashiro, and Katsuhiko Sato\r\n\r\nCVE-2024-28013\r\nYudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University\r\n\r\nCVE-2024-28014, CVE-2024-28015, CVE-2024-28016\r\nTakayuki Sasaki, and Katsunari Yoshioka of Yokohama National University", "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000037.html", "sec:cpe": [ { "#text": "cpe:/h:nec:atermwm3400rn", "@product": "Aterm WM3400RN", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/h:nec:atermwm3450rn", "@product": "Aterm WM3450RN", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/h:nec:atermwm3600r", "@product": "Aterm WM3600R", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/h:nec:atermwr8160n", "@product": "Aterm WR8160N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_cr2500p", "@product": "Aterm CR2500P", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_mr01ln", "@product": "Aterm MR01LN", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_mr02ln", "@product": "Aterm MR02LN", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_w1200ex(-ms)", "@product": "Aterm W1200EX(-MS)", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_w300p_firmware", "@product": "Aterm W300P", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wf1200hp", "@product": "Aterm WF1200HP", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wf1200hp2", "@product": "Aterm WF1200HP2", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wf300hp2_firmware", "@product": "Aterm WF300HP2", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wf300hp_firmware", "@product": "Aterm WF300HP", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wf800hp_firmware", "@product": "Aterm WF800HP", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1200hp2_firmware", "@product": "Aterm WG1200HP2", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1200hp3_firmware", "@product": "Aterm WG1200HP3", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1200hp_firmware", "@product": "Aterm WG1200HP", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1200hs2_firmware", "@product": "Aterm WG1200HS2", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1200hs3_firmware", "@product": "Aterm WG1200HS3", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1200hs_firmware", "@product": "Aterm WG1200HS", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1400hp_firmware", "@product": "Aterm WG1400HP", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1800hp2_firmware", "@product": "Aterm WG1800HP2", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1800hp3_firmware", "@product": "Aterm WG1800HP3", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1800hp4_firmware", "@product": "Aterm WG1800HP4", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1800hp_firmware", "@product": "Aterm WG1800HP", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1810hp(je)", "@product": "Aterm WG1810HP(JE)", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1810hp(mf)", "@product": "Aterm WG1810HP(MF)", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1900hp2_firmware", "@product": "Aterm WG1900HP2", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg1900hp_firmware", "@product": "Aterm WG1900HP", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg2200hp_firmware", "@product": "Aterm WG2200HP", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg300hp_firmware", "@product": "Aterm WG300HP", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wg600hp_firmware", "@product": "Aterm WG600HP", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wm3500r", "@product": "Aterm WM3500R", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wm3800r", "@product": "Aterm WM3800R", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr1200h", "@product": "Aterm WR1200H", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr4100n", "@product": "Aterm WR4100N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr4500n", "@product": "Aterm WR4500N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr6600h", "@product": "Aterm WR6600H", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr6650s", "@product": "Aterm WR6650S", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr6670s", "@product": "Aterm WR6670S", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr7800h", "@product": "Aterm WR7800H", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr7850s", "@product": "Aterm WR7850S", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr7870s", "@product": "Aterm WR7870S", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8100n", "@product": "Aterm WR8100N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8150n", "@product": "Aterm WR8150N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8165n_firmware", "@product": "Aterm WR8165N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8166n", "@product": "Aterm WR8166N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8170n_firmware", "@product": "Aterm WR8170N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8175n_firmware", "@product": "Aterm WR8175N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8200n", "@product": "Aterm WR8200N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8300n", "@product": "Aterm WR8300N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8370n_firmware", "@product": "Aterm WR8370N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8400n", "@product": "Aterm WR8400N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8500n", "@product": "Aterm WR8500N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8600n_firmware", "@product": "Aterm WR8600N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8700n_firmware", "@product": "Aterm WR8700N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr8750n_firmware", "@product": "Aterm WR8750N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr9300n_firmware", "@product": "Aterm WR9300N", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:nec:aterm_wr9500n_firmware", "@product": "Aterm WR9500N", "@vendor": "NEC Corporation", "@version": "2.2" } ], "sec:cvss": { "@score": "8.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" }, "sec:identifier": "JVNDB-2024-000037", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN82074338/index.html", "@id": "JVN#82074338", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28005", "@id": "CVE-2024-28005", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28006", "@id": "CVE-2024-28006", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28007", "@id": "CVE-2024-28007", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28008", "@id": "CVE-2024-28008", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28009", "@id": "CVE-2024-28009", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28010", "@id": "CVE-2024-28010", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28011", "@id": "CVE-2024-28011", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28012", "@id": "CVE-2024-28012", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28013", "@id": "CVE-2024-28013", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28014", "@id": "CVE-2024-28014", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28015", "@id": "CVE-2024-28015", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-280016", "@id": "CVE-2024-28016", "@source": "CVE" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-119", "@title": "Buffer Errors(CWE-119)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-200", "@title": "Information Exposure(CWE-200)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-287", "@title": "Improper Authentication(CWE-287)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in NEC Aterm series" }