CVE-2025-0355
📋 TL;DR
A missing authentication vulnerability in multiple NEC Aterm router models allows attackers to retrieve Wi-Fi passwords without authentication. This affects users running vulnerable firmware versions on listed NEC Aterm routers. Attackers on the same network can exploit this to gain unauthorized access to Wi-Fi credentials.
💻 Affected Systems
- NEC Aterm WG2600HS
- WF1200CRS
- WG1200CRS
- GB1200PE
- WG2600HP4
- WG2600HM4
- WG2600HS2
- WX3000HP
- WX4200D5
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain Wi-Fi password, pivot to internal network, intercept traffic, and potentially compromise connected devices.
Likely Case
Local attackers retrieve Wi-Fi password and gain unauthorized network access for surveillance or further attacks.
If Mitigated
With proper network segmentation and monitoring, impact limited to isolated network segment.
🎯 Exploit Status
Exploitation requires network access but no authentication. Simple HTTP requests likely sufficient.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific fixed versions per model
Vendor Advisory: https://jpn.nec.com/security-info/secinfo/nv25-003_en.html
Restart Required: Yes
Instructions:
1. Access router admin interface. 2. Check current firmware version. 3. Download latest firmware from NEC support site. 4. Upload and apply firmware update. 5. Reboot router.
🔧 Temporary Workarounds
Network Segmentation
allIsolate router management interface to trusted VLAN
Access Control
allRestrict physical and wireless access to trusted devices only
🧯 If You Can't Patch
- Replace affected routers with updated models or different vendors
- Implement strict network monitoring for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check router firmware version against affected versions listCheck Version:
Login to router admin interface and check firmware version in system settingsVerify Fix Applied:
Confirm firmware version is above affected range after update📡 Detection & Monitoring
Log Indicators:
- Unauthorized access to router management interface
- Unusual HTTP requests to router endpoints
Network Indicators:
- Unexpected devices connecting to Wi-Fi
- Suspicious traffic from router management interface
SIEM Query:
source="router.log" AND ("authentication_failed" OR "unauthorized_access")