Description
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network.
References (1)
Core 1
Core References
Various Sources
https://jpn.nec.com/security-info/secinfo/nv25-003_en.html
Scores
CVSS v3
7.5
EPSS
0.0052
EPSS Percentile
39.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
Status
published
Products (9)
NEC Corporation/GB1200PE
Ver.1.3.0 and earlier
NEC Corporation/WF1200CR
Ver.1.6.0 and earlier
NEC Corporation/WG1200CR
Ver.1.5.0 and earlier
NEC Corporation/WG2600HM4
Ver.1.4.2 and earlier
NEC Corporation/WG2600HP4
Ver.1.4.2 and earlier
NEC Corporation/WG2600HS
Ver.1.7.2 and earlier
NEC Corporation/WG2600HS2
Ver.1.3.2 and earlier
NEC Corporation/WX3000HP
Ver.2.4.2 and earlier
NEC Corporation/WX4200D5
Ver.1.2.4 and earlier
Published
Jan 15, 2025
Tracked Since
Feb 18, 2026