CVE-2024-28010
high-risk
Published 2024-03-28
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.
Do I need to act?
-
0.40% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Aterm Wg1800Hp4 Firmware
Aterm Wg1200Hs3 Firmware
Aterm Wg1900Hp2 Firmware
Aterm Wg1200Hp3 Firmware
Aterm Wg1800Hp3 Firmware
Aterm Wg1200Hs2 Firmware
Aterm Wg1900Hp Firmware
Aterm Wg1200Hp2 Firmware
Aterm W1200Ex-Ms Firmware
Aterm Wg1200Hs Firmware
Aterm Wg1200Hp Firmware
Aterm Wf300Hp2 Firmware
Aterm W300P Firmware
Aterm Wf800Hp Firmware
Aterm Wr8165N Firmware
Aterm Wg2200Hp Firmware
Aterm Wf1200Hp2 Firmware
Aterm Wg1800Hp2 Firmware
Aterm Wf1200Hp Firmware
Aterm Wg600Hp Firmware
Affected Vendors
References (2)
61
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
27/34 · High