CVE-2025-0355 - Vulnerability Details - OpenCVE

Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the internet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://jpn.nec.com/security-info/secinfo/nv25-003_en.html

History

Wed, 15 Jan 2025 07:30:00 +0000

Type	Values Removed	Values Added
Description		Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the internet.
Weaknesses		CWE-306
References		https://jpn.nec.com/security-info/secinfo/nv25-003_en.html
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: NEC

Published: 2025-01-15T07:23:39.481Z

Updated: 2025-01-15T07:23:39.481Z

Reserved: 2025-01-09T06:20:49.647Z

Link: CVE-2025-0355

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-01-15T08:15:26.493

Modified: 2025-01-15T08:15:26.493

Link: CVE-2025-0355

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0355", "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "state": "PUBLISHED", "assignerShortName": "NEC", "dateReserved": "2025-01-09T06:20:49.647Z", "datePublished": "2025-01-15T07:23:39.481Z", "dateUpdated": "2025-01-15T07:23:39.481Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "WG2600HS", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "Ver.1.7.2 and earlier"}]}, {"defaultStatus": "unknown", "product": "WF1200CR", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "Ver.1.6.0 and earlier"}]}, {"defaultStatus": "unknown", "product": "WG1200CR", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "Ver.1.5.0 and earlier"}]}, {"defaultStatus": "unknown", "product": "GB1200PE", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "Ver.1.3.0 and earlier"}]}, {"defaultStatus": "unknown", "product": "WG2600HP4", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "Ver.1.4.2 and earlier"}]}, {"defaultStatus": "unknown", "product": "WG2600HM4", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "Ver.1.4.2 and earlier"}]}, {"defaultStatus": "unknown", "product": "WG2600HS2", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "Ver.1.3.2 and earlier"}]}, {"defaultStatus": "unknown", "product": "WX3000HP", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "Ver.2.4.2 and earlier"}]}, {"defaultStatus": "unknown", "product": "WX4200D5", "vendor": "NEC Corporation", "versions": [{"status": "affected", "version": "Ver.1.2.4 and earlier"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Takayuki Sasaki of Yokohama National University."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the internet."}], "value": "Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the internet."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "shortName": "NEC", "dateUpdated": "2025-01-15T07:23:39.481Z"}, "references": [{"url": "https://jpn.nec.com/security-info/secinfo/nv25-003_en.html"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}}}