Multiple vulnerabilities in Aterm series
Number: NV24-001
CVE: CVE-2024-28005, CVE-2024-28006, CVE-2024-28007, CVE-2024-28008, CVE-2024-28009, CVE-2024-28010, CVE-2024-28011, CVE-2024-28012, CVE-2024-28013, CVE-2024-28014, CVE-2024-28015, CVE-2024-28016
Overview
Aterm has multiple vulnerabilities.
An attacker who has obtained high privileges can execute arbitrary scripts. - CVE-2024-28005
File Viewing Vulnerability. - CVE-2024-28006
An attacker who has obtained high privileges can execute arbitrary OS commands as root. - CVE-2024-28007
An attacker who has obtained high privileges can execute arbitrary OS commands. - CVE-2024-28008
The default password of a specific function may be guessable. - CVE-2024-28009
Unnecessary accounts remain in a specific function. - CVE-2024-28010
A specific function cannot be changed to a closed state. - CVE-2024-28011
The default password of a specific function may be guessable. - CVE-2024-28012
The WebUI can be accessed via the network. - CVE-2024-28013
Buffer overflow. - CVE-2024-28014
An attacker who has obtained high privileges can execute arbitrary OS commands. - CVE-2024-28015
File Viewing Vulnerability. - CVE-2024-28016
Products Affected
Aterm
Affected Version
WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE), WG1810HP(MF)
Solution
Please update.
https://www.aterm.jp/support/tech/2024/0227.html
WG1810HP(JE), WG1810HP(MF)
https://www.aterm.jp/web/model/info202403.html
Additionally, support has ended for the following products, and we recommend that you consider replacing them.
WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R
https://www.uqwimax.jp/wimax/support/change/single/finish/
WR8166N
https://www.aterm.jp/docomo/8166n/
MR01LN
https://www.aterm.jp/mobile/support/mr01ln/
MR02LN
https://www.aterm.jp/mobile/support/mr02ln/
References
CVE-2024-28005
https://www.cve.org/CVERecord?id=CVE-2024-28005
CVE-2024-28006
https://www.cve.org/CVERecord?id=CVE-2024-28006
CVE-2024-28007
https://www.cve.org/CVERecord?id=CVE-2024-28007
CVE-2024-28008
https://www.cve.org/CVERecord?id=CVE-2024-28008
CVE-2024-28009
https://www.cve.org/CVERecord?id=CVE-2024-28009
CVE-2024-28010
https://www.cve.org/CVERecord?id=CVE-2024-28010
CVE-2024-28011
https://www.cve.org/CVERecord?id=CVE-2024-28011
CVE-2024-28012
https://www.cve.org/CVERecord?id=CVE-2024-28012
CVE-2024-28013
https://www.cve.org/CVERecord?id=CVE-2024-28013
CVE-2024-28014
https://www.cve.org/CVERecord?id=CVE-2024-28014
CVE-2024-28015
https://www.cve.org/CVERecord?id=CVE-2024-28015
CVE-2024-28016
https://www.cve.org/CVERecord?id=CVE-2024-28016
Credit
Reported by Katsuhiko Sato and Ryo Kashiro of 00One, Inc. and Yudai Morii, Takaya Noma, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University for NEC-PSIRT.
Update
- 2024/04/02: Update Affected Version and Solution.
- 2024/03/22: First edition