CVE-2024-28015
high-risk
Published 2024-03-28
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.
Do I need to act?
-
0.79% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Aterm Wg1800Hp4 Firmware
Aterm Wg1200Hs3 Firmware
Aterm Wg1900Hp2 Firmware
Aterm Wg1200Hp3 Firmware
Aterm Wg1800Hp3 Firmware
Aterm Wr7850S Firmware
Aterm Wr6650S Firmware
Aterm Wr6600H Firmware
Aterm Wr7800H Firmware
Aterm Wm3400Rn Firmware
Aterm Wm3450Rn Firmware
Aterm Wm3500R Firmware
Aterm Wm3600R Firmware
Aterm Wm3800R Firmware
Aterm Wr8166N Firmware
Aterm Mr01Ln Firmware
Aterm Mr02Ln Firmware
Aterm Wg1810Hp\(Je\) Firmware
Aterm Wg1810Hp\(Mf\) Firmware
Aterm Wg1200Hs2 Firmware