The Aterm series provided by NEC Corporation contains the multiple vulnerabilities listed below.
- Incorrect Permission Assignment for Critical Resource (CWE-732)
  CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0
  CVE-2024-28005
- Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
  CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
  CVE-2024-28006
- Incorrect Permission Assignment for Critical Resource (CWE-732)
  CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0
  CVE-2024-28007
- Active Debug Code (CWE-489)
  CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0
  CVE-2024-28008
- Use of Weak Credentials (CWE-1391)
  CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
  CVE-2024-28009, CVE-2024-28012
- Use of Hard-coded Credentials (CWE-798)
  CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
  CVE-2024-28010
- Inclusion of Undocumented Features (CWE-1242)
  CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score 4.3
  CVE-2024-28011
- Insufficient Session Expiration (CWE-613)
  CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 4.3
  CVE-2024-28013
- Buffer Overflow (CWE-120)
  CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
  CVE-2024-28014
- OS Command Injection in the web management console (CWE-78)
  CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.8
  CVE-2024-28015
- Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
  CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 4.3
  CVE-2024-28016
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Apply the Workaround
The developer also recommends users apply the workaround.
Stop using the products
Some affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.
For more information, refer to the information provided by the developer.
All versions of the following Aterm series are affected by the vulnerabilities.