[Japanese]

JVNDB-2025-000002

Multiple vulnerabilities in NEC Aterm series (NV25-003)

Overview

Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below.


  • Stored Cross-site Scripting (CWE-79) - CVE-2025-0354

  • Missing Authentication for Critical Function (CWE-306) - CVE-2025-0355

  • OOS Command Injection (CWE-78) - CVE-2025-0356



CVE-2025-0354, CVE-2025-0355
Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVE-2025-0356
Kakeru Kajihara of NTT Security Holdings reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-0355

CVSS V3 Severity:
Base Metrics 7.2 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2025-0356

CVSS V3 Severity:
Base Metrics 4.8 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-0354
Affected Products


NEC Corporation
  • Aterm GB1200PE firmware prior to Ver.1.3.0 (CVE-2025-0355)
  • Aterm WF1200CR firmware prior to Ver.1.6.0 (CVE-2025-0355)
  • Aterm WG1200CR firmware prior to Ver.1.5.0 (CVE-2025-0355)
  • Aterm WG2600HM4 firmware prior to Ver.1.4.2 (CVE-2025-0354, CVE-2025-0355)
  • Aterm WG2600HP4 firmware prior to Ver.1.4.2 (CVE-2025-0354, CVE-2025-0355)
  • Aterm WG2600HS firmware prior to Ver.1.7.2 (CVE-2025-0354, CVE-2025-0355)
  • Aterm WG2600HS2 firmware prior to Ver.1.3.2 (CVE-2025-0354, CVE-2025-0355)
  • Aterm WX1500HP firmware prior to Ver.1.4.2 (CVE-2025-0356)
  • Aterm WX3000HP firmware prior to Ver.2.4.2 (CVE-2025-0354, CVE-2025-0355)
  • Aterm WX3600HP firmware prior to Ver.1.5.3 (CVE-2025-0356)
  • Aterm WX4200D5 firmware prior to Ver.1.2.4 (CVE-2025-0354, CVE-2025-0355)

Impact


  • If a crafted input is stored by a logged-in user and a victim user accesses the management page of the affected product, an arbitrary script may be executed on the victim user's web browser (CVE-2025-0354)

  • An unauthenticated attacker may obtain the Wi-Fi passwords (CVE-2025-0355)

  • If a logged-in user sends a specially crafted request to the affected product, an arbitrary OS command may be executed on the affected product (CVE-2025-0356)

Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.

[Apply the Workaround]
The developer recommends the users to apply the workaround if the firmware cannot be updated.

[Stop using the products]
Some affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.

For more information, refer to the information provided by the developer.
Vendor Information

NEC Corporation
CWE (What is CWE?)

  1. OS Command Injection(CWE-78) [IPA Evaluation]
  2. Cross-site Scripting(CWE-79) [IPA Evaluation]
  3. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2025-0354
  2. CVE-2025-0355
  3. CVE-2025-0356
References

  1. JVN : JVN#65447879
Revision History

  • [2025/02/14]
      Web page was published

Date Public2025/02/14
Date First Published2025/02/14
Date Last Updated2025/02/14