Multiple vulnerabilities in Aterm series
Number: NV25-003
CVE: CVE-2025-0354, CVE-2025-0355, CVE-2025-0356
Overview
Aterm has multiple vulnerabilities.
- XSS vulnerability (CVE-2025-0354): If the product is accessed by a malicious attacker, arbitrary commands or scripts may be executed.
- Inadequate access restriction vulnerability (CVE-2025-0355): If the product is accessed by a malicious attacker, device information may be read.
- OS command injection vulnerability (CVE-2025-0356): If the product is accessed by a malicious attacker, arbitrary commands or scripts may be executed.
Products Affected
Aterm
Affected Version
- XSS Vulnerability (CVE-2025-0354)
WG2600HS: Before Ver.1.7.2
WG2600HP4: Before Ver.1.4.2
WG2600HM4: Before Ver.1.4.2
WG2600HS2: Before Ver.1.3.2
WX3000HP: Before Ver.2.4.2
WX4200D5: Before Ver.1.2.4
- Improper Access Restriction Vulnerability (CVE-2025-0355)
WG2600HS: Before Ver.1.7.2
WF1200CR: Before Ver.1.6.0
WG1200CR: Before Ver.1.5.0
GB1200PE: Before Ver.1.3.0
WG2600HP4: Before Ver.1.4.2
WG2600HM4: Before Ver.1.4.2
WG2600HS2: Before Ver.1.3.2
WX3000HP: Before Ver.2.4.2
WX4200D5: Before Ver.1.2.4
- OS Command Injection Vulnerability (CVE-2025-0356)
WX1500HP: Before Ver.1.4.2
WX3600HP: Before Ver.1.5.3
Solution
Please update affected products to a version that is not affected.
https://www.aterm.jp/support/tech/2025/0115.html
References
CVE-2025-0354
https://www.cve.org/CVERecord?id=CVE-2025-0354
CVE-2025-0355
https://www.cve.org/CVERecord?id=CVE-2025-0355
CVE-2025-0356
https://www.cve.org/CVERecord?id=CVE-2025-0356
Credit
Reported by Kakeru Kajihara of NTT Security Holdings, and Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University, for NEC-PSIRT.
Update
- 2025/01/15: First edition