CVE-2024-28007

high-risk

Published 2024-03-28

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.

Do I need to act?

0.43% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Aterm Wg1800Hp4 Firmware

Aterm Wg1200Hs3 Firmware

Aterm Wr8750N Firmware

Aterm Wr8160N Firmware

Aterm Wr9500N Firmware

Aterm Wr8600N Firmware

Aterm Wr8370N Firmware

Aterm Wr8170N Firmware

Aterm Wr8700N Firmware

Aterm Wr8300N Firmware

Aterm Wr8150N Firmware

Aterm Wr4100N Firmware

Aterm Wr4500N Firmware

Aterm Wr8100N Firmware

Aterm Wr8500N Firmware

Aterm Cr2500P Firmware

Aterm Wr8400N Firmware

Aterm Wr8200N Firmware

Aterm Wr1200H Firmware

Aterm Wr7870S Firmware

Affected Vendors

Nec

References (2)

Vendor Advisory https://jpn.nec.com/security-info/secinfo/nv24-001_en.html

Broken Link https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 27/34 · High