[Japanese]

JVNDB-2024-000037

Multiple vulnerabilities in NEC Aterm series

Overview

Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.


  • Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28005

  • Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28006

  • Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-28007

  • Active Debug Code (CWE-489) - CVE-2024-28008

  • Use of Weak Credentials (CWE-1391) - CVE-2024-28009, CVE-2024-28012

  • Use of Hard-coded Credentials (CWE-798) - CVE-2024-28010

  • Inclusion of Undocumented Features (CWE-1242) - CVE-2024-28011

  • Insufficient Session Expiration (CWE-613) - CVE-2024-28013

  • Buffer Overflow (CWE-120) - CVE-2024-28014

  • OS Command Injection in the web management console (CWE-78) - CVE-2024-28015

  • Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) - CVE-2024-28016



The following people reported the vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2024-28005, CVE-2024-28008
Ryo Kashiro, and Katsuhiko Sato, and Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University

CVE-2024-28006, CVE-2024-28007, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012
Ryo Kashiro, and Katsuhiko Sato

CVE-2024-28013
Yudai Morii, Takaya Noma, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University

CVE-2024-28014, CVE-2024-28015, CVE-2024-28016
Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.8 (High) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-28014

CVSS V3 Severity:
Base Metrics 8.0 (High) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-28005

CVSS V3 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-28006

CVSS V3 Severity:
Base Metrics 8.0 (High) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-28007

CVSS V3 Severity:
Base Metrics 8.0 (High) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-28008

CVSS V3 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-28009, CVE-2024-28012

CVSS V3 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-280010

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2024-280011

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-280013

CVSS V3 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-280015

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-280016
Affected Products

All versions of following Aterm series are affected by the vulnerabilities.

NEC Corporation
  • Aterm CR2500P
  • Aterm MR01LN
  • Aterm MR02LN
  • Aterm W1200EX(-MS)
  • Aterm W300P
  • Aterm WF1200HP
  • Aterm WF1200HP2
  • Aterm WF300HP
  • Aterm WF300HP2
  • Aterm WF800HP
  • Aterm WG1200HP
  • Aterm WG1200HP2
  • Aterm WG1200HP3
  • Aterm WG1200HS
  • Aterm WG1200HS2
  • Aterm WG1200HS3
  • Aterm WG1400HP
  • Aterm WG1800HP
  • Aterm WG1800HP2
  • Aterm WG1800HP3
  • Aterm WG1800HP4
  • Aterm WG1810HP(JE)
  • Aterm WG1810HP(MF)
  • Aterm WG1900HP
  • Aterm WG1900HP2
  • Aterm WG2200HP
  • Aterm WG600HP
  • Aterm WM3500R
  • Aterm WM3800R
  • Aterm WR1200H
  • Aterm WR4100N
  • Aterm WR4500N
  • Aterm WR6600H
  • Aterm WR6650S
  • Aterm WR6670S
  • Aterm WR7800H
  • Aterm WR7850S
  • Aterm WR7870S
  • Aterm WR8100N
  • Aterm WR8150N
  • Aterm WR8165N
  • Aterm WR8166N
  • Aterm WR8200N
  • Aterm WR8300N
  • Aterm WR8400N
  • Aterm WR8500N
  • Aterm WG300HP
  • Aterm WM3400RN
  • Aterm WM3450RN
  • Aterm WM3600R
  • Aterm WR8160N
  • Aterm WR8170N
  • Aterm WR8175N
  • Aterm WR8370N
  • Aterm WR8600N
  • Aterm WR8700N
  • Aterm WR8750N
  • Aterm WR9300N
  • Aterm WR9500N

Impact


  • If a user logs in to the product through the telnet service and alters the device configuration, a shell may be executed with the root privilege (CVE-2024-28005)
  • An unauthenticated attacker may obtain sensitive information (CVE-2024-28006)

  • If a user enables telnet service and logs in, a shell may be executed with the root privilege (CVE-2024-28007)

  • If a user logs in to the product through the telnet service, the debug function may be used (CVE-2024-28008)

  • An unauthenticated attacker may guess the ID and password, and log in to telnet service (CVE-2024-28009, CVE-2024-28010, CVE-2024-28012)

  • An unauthenticated attacker may access telnet service unlimitedly (CVE-2024-28011)

  • An attacker may alter the device settings without logging in (CVE-2024-28013)

  • An unauthenticated attacker may execute an arbitrary code (CVE-2024-28014)

  • A logged-in user may execute an arbitrary command through the device's management page (CVE-2024-28015)

  • An unauthenticated attacker may obtain information such as model numbers (CVE-2024-28016)


Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.

[Apply the Workaround]
The developer also recommends users apply the workaround.

[Stop using the products]
Some affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.

For more information, refer to the information provided by the developer.
Vendor Information

NEC Corporation
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [IPA Evaluation]
  2. Information Exposure(CWE-200) [IPA Evaluation]
  3. Improper Authentication(CWE-287) [IPA Evaluation]
  4. OS Command Injection(CWE-78) [IPA Evaluation]
  5. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2024-28005
  2. CVE-2024-28006
  3. CVE-2024-28007
  4. CVE-2024-28008
  5. CVE-2024-28009
  6. CVE-2024-28010
  7. CVE-2024-28011
  8. CVE-2024-28012
  9. CVE-2024-28013
  10. CVE-2024-28014
  11. CVE-2024-28015
  12. CVE-2024-28016
References

  1. JVN : JVN#82074338
Revision History

  • [2024/04/05]
      Web page was published

Date Public2024/04/05
Date First Published2024/04/05
Date Last Updated2024/04/05