CVE-2025-0355

EPSS 0.13%
Published 15.01.2025 08:15:26
Last modified 21.01.2025 04:15:07
Source psirt-info@cyber.jp.nec.com
Teams watchlist Login
Open Login

Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorNEC Corporation

≫

Product WG2600HS

Default Statusunknown

Version Ver.1.7.2 and earlier

Status affected

VendorNEC Corporation

≫

Product WF1200CR

Default Statusunknown

Version Ver.1.6.0 and earlier

Status affected

VendorNEC Corporation

≫

Product WG1200CR

Default Statusunknown

Version Ver.1.5.0 and earlier

Status affected

VendorNEC Corporation

≫

Product GB1200PE

Default Statusunknown

Version Ver.1.3.0 and earlier

Status affected

VendorNEC Corporation

≫

Product WG2600HP4

Default Statusunknown

Version Ver.1.4.2 and earlier

Status affected

VendorNEC Corporation

≫

Product WG2600HM4

Default Statusunknown

Version Ver.1.4.2 and earlier

Status affected

VendorNEC Corporation

≫

Product WG2600HS2

Default Statusunknown

Version Ver.1.3.2 and earlier

Status affected

VendorNEC Corporation

≫

Product WX3000HP

Default Statusunknown

Version Ver.2.4.2 and earlier

Status affected

VendorNEC Corporation

≫

Product WX4200D5

Default Statusunknown

Version Ver.1.2.4 and earlier

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.339

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt-info@cyber.jp.nec.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://jpn.nec.com/security-info/secinfo/nv25-003_en.html

https://nvd.nist.gov/vuln/detail/CVE-2025-0355

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0355

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0355

EUVD