Details of VAR-202501-2751

ID

VAR-202501-2751

CVE

CVE-2025-0355

TITLE

NEC Aterm Multiple vulnerabilities in the series ( NV25-003 )

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002

DESCRIPTION

Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network. None

Trust: 1.62

sources: NVD: CVE-2025-0355 // JVNDB: JVNDB-2025-000002

AFFECTED PRODUCTS

vendor:	日本電気	model:	aterm wg2600hp4	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wx3600hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wx1500hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wx4200d5	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wx3000hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm gb1200pe	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wf1200cr	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg2600hs	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg2600hs2	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg2600hm4	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg1200cr	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-000002

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt-info@cyber.jp.nec.com:	CVE-2025-0355
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2025-000002
value:	HIGH
Trust: 0.8

psirt-info@cyber.jp.nec.com:	CVE-2025-0355
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA:	JVNDB-2025-000002
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0355

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [IPA evaluation ]	Trust: 0.8
problemtype:	others (CWE-Other) [IPA evaluation ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0355

PATCH

title:

Information from NEC Corporation

url:

https://jvn.jp/jp/JVN65447879/6443/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002

EXTERNAL IDS

db:	NVD	id:	CVE-2025-0355	Trust: 1.8
db:	JVN	id:	JVN65447879	Trust: 0.8
db:	JVNDB	id:	JVNDB-2025-000002	Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0355

REFERENCES

url:	https://jpn.nec.com/security-info/secinfo/nv25-003_en.html	Trust: 1.0
url:	https://jvn.jp/jp/jvn65447879/index.html	Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0355

SOURCES

db:	JVNDB	id:	JVNDB-2025-000002
db:	NVD	id:	CVE-2025-0355

LAST UPDATE DATE

2025-02-16T22:42:03.171000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-000002	date:	2025-02-14T05:22:00
db:	NVD	id:	CVE-2025-0355	date:	2025-01-21T04:15:07.877

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-000002	date:	2025-02-14T00:00:00
db:	NVD	id:	CVE-2025-0355	date:	2025-01-15T08:15:26.493