Vulnerability identifier: #VU88169
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-78
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Aterm CR2500P
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm MR01LN
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm MR02LN
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm W300P
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm W1200EX(-MS)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WF300HP
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WF300HP2
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WF1200HP
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WF1200HP2
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG300HP
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG600HP
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1200HP
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1200HP2
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1200HP3
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1200HS
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1200HS2
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1200HS3
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1400HP
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1800HP
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1800HP2
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1800HP3
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1800HP4
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1810HP(JE)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1810HP(MF)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1900HP
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG1900HP2
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WG2200HP
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WM3400RN
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WM3450RN
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WM3500R
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WM3600R
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WM3800R
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR1200H
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR4100N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR4500N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR6600H
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR6650S
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR6670S
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR7800H
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR7850S
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR7870S
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8100N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8150N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8160N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8165N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8166N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8170N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8175N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8200N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8300N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8370N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8400N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8500N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8600N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8700N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR8750N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR9300N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WR9500N
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Aterm WF800HP
Hardware solutions /
Other hardware appliances
Vendor: NEC Corporation
Description
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the web management console. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Aterm CR2500P: All versions
Aterm MR01LN: All versions
Aterm MR02LN: All versions
Aterm W300P: All versions
Aterm W1200EX(-MS): All versions
Aterm WF300HP: All versions
Aterm WF300HP2: All versions
Aterm WF800HP: All versions
Aterm WF1200HP: All versions
Aterm WF1200HP2: All versions
Aterm WG300HP: All versions
Aterm WG600HP: All versions
Aterm WG1200HP: All versions
Aterm WG1200HP2: All versions
Aterm WG1200HP3: All versions
Aterm WG1200HS: All versions
Aterm WG1200HS2: All versions
Aterm WG1200HS3: All versions
Aterm WG1400HP: All versions
Aterm WG1800HP: All versions
Aterm WG1800HP2: All versions
Aterm WG1800HP3: All versions
Aterm WG1800HP4: All versions
Aterm WG1810HP(JE): All versions
Aterm WG1810HP(MF): All versions
Aterm WG1900HP: All versions
Aterm WG1900HP2: All versions
Aterm WG2200HP: All versions
Aterm WM3400RN: All versions
Aterm WM3450RN: All versions
Aterm WM3500R: All versions
Aterm WM3600R: All versions
Aterm WM3800R: All versions
Aterm WR1200H: All versions
Aterm WR4100N: All versions
Aterm WR4500N: All versions
Aterm WR6600H: All versions
Aterm WR6650S: All versions
Aterm WR6670S: All versions
Aterm WR7800H: All versions
Aterm WR7850S: All versions
Aterm WR7870S: All versions
Aterm WR8100N: All versions
Aterm WR8150N: All versions
Aterm WR8160N: All versions
Aterm WR8165N: All versions
Aterm WR8166N: All versions
Aterm WR8170N: All versions
Aterm WR8175N: All versions
Aterm WR8200N: All versions
Aterm WR8300N: All versions
Aterm WR8370N: All versions
Aterm WR8400N: All versions
Aterm WR8500N: All versions
Aterm WR8600N: All versions
Aterm WR8700N: All versions
Aterm WR8750N: All versions
Aterm WR9300N: All versions
Aterm WR9500N: All versions
External links
https://jvn.jp/en/jp/JVN82074338/index.html
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.