Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.
The manufacturer embedded a fixed, immutable password in the firmware that cannot be changed by the user. An attacker knowing this password can authenticate to the device without any additional privileges (PR:N) and without user interaction (UI:N). After authentication, it is possible to send a crafted request over the internet, resulting in execution of arbitrary operating system commands on the vulnerable device.
The attacker gains full control over the device — it is possible to intercept network traffic, modify configuration, install malicious software, or use the device as an entry point to the internal network (lateral movement). The consequences include breach of confidentiality, integrity, and system availability.
Patches available from the manufacturer should be applied according to the references (https://jpn.nec.com/security-info/secinfo/nv24-001_en.html). Until the update is implemented, it is recommended to block access to the device management panel from the internet (firewall, WAN traffic filtering) and to segment the network to limit potential consequences of compromise.
All firmware versions of the following NEC Corporation Aterm devices: WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE) and WG1810HP(MF) — all versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNec Aterm Cr2500p
HWNecwszystkie wersjeNec Aterm Cr2500p Firmware
OSNecwszystkie wersjeNec Aterm W1200ex Ms
HWNecwszystkie wersjeNec Aterm W1200ex Ms Firmware
OSNecwszystkie wersjeNec Aterm W300p
HWNecwszystkie wersjeNec Aterm W300p Firmware
OSNecwszystkie wersjeNec Aterm Wf1200hp
HWNecwszystkie wersjeNec Aterm Wf1200hp2
HWNecwszystkie wersjeNec Aterm Wf1200hp2 Firmware
OSNecwszystkie wersjeNec Aterm Wf1200hp Firmware
OSNecwszystkie wersjeNec Aterm Wf300hp
HWNecwszystkie wersjeNec Aterm Wf300hp2
HWNecwszystkie wersjeNec Aterm Wf300hp2 Firmware
OSNecwszystkie wersjeNec Aterm Wf300hp Firmware
OSNecwszystkie wersjeNec Aterm Wf800hp
HWNecwszystkie wersjeNec Aterm Wf800hp Firmware
OSNecwszystkie wersjeNec Aterm Wg1200hp
HWNecwszystkie wersjeNec Aterm Wg1200hp2
HWNecwszystkie wersjeNec Aterm Wg1200hp2 Firmware
OSNecwszystkie wersjeNec Aterm Wg1200hp3
HWNecwszystkie wersjeNec Aterm Wg1200hp3 Firmware
OSNecwszystkie wersjeNec Aterm Wg1200hp Firmware
OSNecwszystkie wersjeNec Aterm Wg1200hs
HWNecwszystkie wersjeNec Aterm Wg1200hs2
HWNecwszystkie wersjeNec Aterm Wg1200hs2 Firmware
OSNecwszystkie wersjeNec Aterm Wg1200hs3
HWNecwszystkie wersjeNec Aterm Wg1200hs3 Firmware
OSNecwszystkie wersjeNec Aterm Wg1200hs Firmware
OSNecwszystkie wersjeNec Aterm Wg1400hp
HWNecwszystkie wersjeNec Aterm Wg1400hp Firmware
OSNecwszystkie wersje
Related vulnerabilities
Ukryta funkcjonalność w routerach NEC Aterm umożliwia RCE z uprawnieniami root
Auth Bypass w NEC Aterm — zdalne wykonanie kodu jako root
Active Debug Code w routerach NEC Aterm — zdalne wykonanie poleceń OS
Auth Bypass w NEC Aterm — zdalne wykonanie poleceń jako root
Auth Bypass w NEC Aterm — zdalne wykonanie kodu jako root