Update multiple vulnerabilities and firmware to the wireless LAN router "Aterm"

The IPA (Independent Administrative Organization Information Processing Agency) and JPCERT/CC (JPCERT Coordination Center) note that there are multiple vulnerabilities in the NEC Platforms' wireless LAN router "Aterm" products.I called.Details of the vulnerability are published on the vulnerability information site "JVN" operated by IPA and JPCert/CC.

The vulnerability of "cross -site scripting", which may run any script on a web browser, and "OS command injection", which may execute an external OS command.It is said to exist.

The target products are as follows.Of these, WG1900HP2, WG1900HP, WG1800HP4, WG1200HS3, WG1200HS2, WG1200HP3, WG1200HP3, W1200HP2, W1200EX-MS, and W1200EX-MS are provided early because the latest firmware has been modified vulnerability.The latest firmware of WG1800HP3 will be provided later.

Among the above, modified firmware is not provided for WG1200HS, WG1200HP, WF800HP, WF300HP2, WR8165N, W300P, and W300P.For this reason, it is recommended to avoid measures such as changing the administrator password and the Wi-Fi encryption key to a robust one or disabling the UPNP function.

In addition, vulnerabilities such as Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, ATERM WG2600HS, etc. OS command injection, but also Aterm WG2600HS and WX3000HP may access devices connected to the LAN side from the external network.It was announced that there was a vulnerability of "deflection".These products also provide the latest firmware that has revised vulnerabilities, and is recommended.