Multiple vulnerabilities in Aterm series

Number: NV24-001
CVE: CVE-2024-28005, CVE-2024-28006, CVE-2024-28007, CVE-2024-28008, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012, CVE-2024-28013, CVE-2024-28014, CVE-2024-28015, CVE-2024-28016

Overview

Aterm has multiple vulnerabilities.

An attacker who has obtained high privileges can execute arbitrary scripts. - CVE-2024-28005
File Viewing Vulnerability. - CVE-2024-28006
An attacker who has obtained high privileges can execute arbitrary OS commands as root. - CVE-2024-28007
An attacker who has obtained high privileges can execute arbitrary OS commands. - CVE-2024-28008
The default password of a specific function can be guessed. - CVE-2024-28009
Unnecessary accounts remain in a specific function. - CVE-2024-28010
A specific function cannot be changed to a closed state. - CVE-2024-28011
The default password of a specific function can be guessed. - CVE-2024-28012
The WebUI can be accessed via the network. - CVE-2024-28013
Buffer overflow. - CVE-2024-28014
An attacker who has obtained high privileges can execute arbitrary OS commands. - CVE-2024-28015
File Viewing Vulnerability. - CVE-2024-28016

Products Affected

Aterm

Affected Version

WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE), WG1810HP(MF)

Solution

Please update.
https://www.aterm.jp/support/tech/2024/0227.html

WG1810HP(JE), WG1810HP(MF)
https://www.aterm.jp/web/model/info202403.html

Additionally, support has ended for the following products, and we recommend that you consider replacing them.
WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R
https://www.uqwimax.jp/wimax/support/change/single/finish/

WR8166N
https://www.aterm.jp/docomo/8166n/

MR01LN
https://www.aterm.jp/mobile/support/mr01ln/

MR02LN
https://www.aterm.jp/mobile/support/mr02ln/

Credit

Reported by Katsuhiko Sato and Ryo Kashiro of 00One, Inc. and Yudai Morii, Takaya Noma, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University for NEC-PSIRT.

 

Update

2024/04/02
Updated Affected Version and Solution.
2024/03/22
First edition.