
JVNDB-2020-000016

Multiple OS command injection vulnerabilities in Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS

Overview

Aterm WF1200C, Aterm WG1200CR, and Aterm WG2600HS provided by NEC Corporation contain the multiple OS command injection vulnerabilities listed below.
* OS command injection vulnerability in UPnP function (CWE-78) - CVE-2020-5524
* OS command injection vulnerability in management screen (CWE-78) - CVE-2020-5525

Rintaro Fujita and Takayuki Kamiyama of Nippon Telegraph and Telephone Corporation reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

CVSS V3 Severity:
Base Metrics: 8.8 (High) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 8.3 (High) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2020-5524


CVSS V3 Severity:
Base Metrics: 6.8 (Medium) [IPA Score]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 7.7 (High) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2020-5525

Affected Products

NEC Corporation
  • Aterm WF1200CR firmware Ver1.2.1 and earlier
  • Aterm WG1200CR firmware Ver1.2.1 and earlier
  • Aterm WG2600HS firmware Ver1.3.2 and earlier

Impact

* A user who can access the UPnP function interface of the device may execute an arbitrary OS command with root privileges - CVE-2020-5524
* A user who can access the management screen of the device may execute an arbitrary OS command with root privileges - CVE-2020-5525

Solution

[Update the Firmware]
Apply the appropriate firmware update according to the information provided by the developer.

Vendor Information

NEC Corporation

CWE

  1. OS Command Injection (CWE-78) [IPA Evaluation]

CVE

  1. CVE-2020-5524
  2. CVE-2020-5525

References

  1. JVN : JVN#25766797
  2. National Vulnerability Database (NVD) : CVE-2020-5524
  3. National Vulnerability Database (NVD) : CVE-2020-5525

Revision History

  • [2020/02/19]
      Web page was published