CVE-2025-0354 MEDIUM

CVE-2025-0354

Vendor Nec Corporation

Product WG2600HS

Weakness CWE-79 · XSS

Published January 15, 2025

Last update April 3, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network.

Key dates

02Disclosure timeline

January 15, 2025 CVE published

April 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-0354 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2025-0354

CWE CWE-79

CVSS 4.8 / MEDIUM

Affected versions

Vendor Nec Corporation

Product WG2600HS

Affected Ver.1.7.2 and earlier

Vendor Nec Corporation

Product WG2600HP4

Affected Ver.1.4.2 and earlier

Vendor Nec Corporation

Product WG2600HM4

Affected Ver.1.4.2 and earlier

Vendor Nec Corporation

Product WG2600HS2

Affected Ver.1.3.2 and earlier

Vendor Nec Corporation

Product WX3000HP

Affected Ver.2.4.2 and earlier

Vendor Nec Corporation

Product WX4200D5

Affected Ver.1.2.4 and earlier

CVE-2025-0354

01Description

02Disclosure timeline

03References

04Related CVE