Sign-up

ID

VAR-202501-3355


CVE

CVE-2025-0356


TITLE

NEC Aterm Multiple vulnerabilities in the series ( NV25-003 )

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002

DESCRIPTION

NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands via the network. None

Trust: 1.62

sources: NVD: CVE-2025-0356 // JVNDB: JVNDB-2025-000002

AFFECTED PRODUCTS

vendor:日本電気model:aterm wg2600hp4scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wx3600hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wx1500hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wx4200d5scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wx3000hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm gb1200pescope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wf1200crscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg2600hsscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg2600hs2scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg2600hm4scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1200crscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt-info@cyber.jp.nec.com: CVE-2025-0356
value: HIGH

Trust: 1.0

IPA: JVNDB-2025-000002
value: HIGH

Trust: 0.8

psirt-info@cyber.jp.nec.com: CVE-2025-0356
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2025-000002
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0356

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [IPA evaluation ]

Trust: 0.8

problemtype: others (CWE-Other) [IPA evaluation ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [IPA evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0356

PATCH

title:Information from NEC Corporationurl:https://jvn.jp/jp/JVN65447879/6443/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002

EXTERNAL IDS

db:NVDid:CVE-2025-0356

Trust: 1.8

db:JVNid:JVN65447879

Trust: 0.8

db:JVNDBid:JVNDB-2025-000002

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0356

REFERENCES

url:https://jpn.nec.com/security-info/secinfo/nv25-003_en.html

Trust: 1.0

url:https://jvn.jp/jp/jvn65447879/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2025-000002 // NVD: CVE-2025-0356

SOURCES

db:JVNDBid:JVNDB-2025-000002
db:NVDid:CVE-2025-0356

LAST UPDATE DATE

2025-02-18T23:34:07.926000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-000002date:2025-02-14T05:22:00
db:NVDid:CVE-2025-0356date:2025-02-17T10:15:08.973

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-000002date:2025-02-14T00:00:00
db:NVDid:CVE-2025-0356date:2025-01-15T08:15:26.650