Missing Authentication in NEC Aterm Series and WF1200CRS Products
CVE-2025-0355

7.5HIGH

Key Information:

Vendor: Nec Corporation
Status: Wg2600hs; Wf1200cr; Wg1200cr; Gb1200pe
Vendor: CVE Published:; 15 January 2025

Summary

A missing authentication vulnerability in various NEC Aterm and WF1200CRS products allows attackers on the internet to gain access to sensitive Wi-Fi credentials, enabling unauthorized network access. Users of affected products are advised to consider implementing additional security measures or upgrading to newer versions to mitigate this risk.

Affected Version(s)

GB1200PE Ver.1.3.0 and earlier

WF1200CR Ver.1.6.0 and earlier

WG1200CR Ver.1.5.0 and earlier

References

https://jpn.nec.com/security-info/secinfo/nv25-003_en.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jan 9, 2025

Credit

Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University.