PT-2025-3849 · Nec · Aterm Wx3600Hp+1
Kakeru Kajihara
+2
·
Published
2025-01-15
·
Updated
2025-02-17
·
CVE-2025-0356
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NEC Corporation Aterm WX1500HP versions 1.4.2 and earlier
NEC Corporation Aterm WX3600HP versions 1.5.3 and earlier
Description
The issue allows an attacker to execute arbitrary OS commands via the network. This can be done through the internet, potentially affecting a wide range of devices.
Recommendations
For NEC Corporation Aterm WX1500HP versions 1.4.2 and earlier, update to a version later than 1.4.2 to resolve the issue.
For NEC Corporation Aterm WX3600HP versions 1.5.3 and earlier, update to a version later than 1.5.3 to resolve the issue.
As a temporary workaround, consider restricting network access to the devices until a patch is available.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aterm Wx1500Hp
Aterm Wx3600Hp