Details of VAR-202501-3163

ID

VAR-202501-3163

CVE

CVE-2025-0354

TITLE

NEC Aterm Multiple vulnerabilities in the series ( NV25-003 )

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002

DESCRIPTION

Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network. None

Trust: 1.62

sources: NVD: CVE-2025-0354 // JVNDB: JVNDB-2025-000002

AFFECTED PRODUCTS

vendor:	日本電気	model:	aterm wg2600hp4	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wx3600hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wx1500hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wx4200d5	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wx3000hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm gb1200pe	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wf1200cr	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg2600hs	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg2600hs2	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg2600hm4	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg1200cr	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-000002

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt-info@cyber.jp.nec.com:	CVE-2025-0354
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2025-000002
value:	MEDIUM
Trust: 0.8

psirt-info@cyber.jp.nec.com:	CVE-2025-0354
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0
IPA:	JVNDB-2025-000002
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0354

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [IPA evaluation ]	Trust: 0.8
problemtype:	others (CWE-Other) [IPA evaluation ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0354

PATCH

title:

Information from NEC Corporation

url:

https://jvn.jp/jp/JVN65447879/6443/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002

EXTERNAL IDS

db:	NVD	id:	CVE-2025-0354	Trust: 1.8
db:	JVN	id:	JVN65447879	Trust: 0.8
db:	JVNDB	id:	JVNDB-2025-000002	Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0354

REFERENCES

url:	https://jpn.nec.com/security-info/secinfo/nv25-003_en.html	Trust: 1.0
url:	https://jvn.jp/jp/jvn65447879/index.html	Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0354

SOURCES

db:	JVNDB	id:	JVNDB-2025-000002
db:	NVD	id:	CVE-2025-0354

LAST UPDATE DATE

2025-02-18T23:34:07.942000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-000002	date:	2025-02-14T05:22:00
db:	NVD	id:	CVE-2025-0354	date:	2025-02-17T10:15:08.767

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-000002	date:	2025-02-14T00:00:00
db:	NVD	id:	CVE-2025-0354	date:	2025-01-15T08:15:26.330