9.8
CRITICAL CVSS 3.1
CVE-2024-28015
NEC Corporation Aterm Command Injection
Description

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

INFO

Published Date :

March 28, 2024, 1:15 a.m.

Last Modified :

Sept. 29, 2025, 12:59 p.m.

Remotely Exploit :

Yes !
Affected Products

The following products are affected by CVE-2024-28015 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Nec aterm_wf300hp_firmware
2 Nec aterm_wg1400hp_firmware
3 Nec aterm_wg1800hp_firmware
4 Nec aterm_wg1800hp2_firmware
5 Nec aterm_wg2200hp_firmware
6 Nec aterm_wg300hp_firmware
7 Nec aterm_wg600hp_firmware
8 Nec aterm_wr8600n_firmware
9 Nec aterm_wr8700n_firmware
10 Nec aterm_wr8750n_firmware
11 Nec aterm_wr9300n_firmware
12 Nec aterm_wr9500n_firmware
13 Nec aterm_wr8170n_firmware
14 Nec aterm_wr8175n_firmware
15 Nec aterm_wr8370n_firmware
16 Nec aterm_wg1900hp2_firmware
17 Nec aterm_wg1900hp_firmware
18 Nec aterm_wg1800hp4_firmware
19 Nec aterm_wg1800hp3_firmware
20 Nec aterm_wg1200hs3_firmware
21 Nec aterm_wg1200hs2_firmware
22 Nec aterm_wg1200hp3_firmware
23 Nec aterm_wg1200hp2_firmware
24 Nec aterm_w1200ex-ms_firmware
25 Nec aterm_wg1200hs_firmware
26 Nec aterm_wg1200hp_firmware
27 Nec aterm_wf800hp_firmware
28 Nec aterm_wf300hp2_firmware
29 Nec aterm_wr8165n_firmware
30 Nec aterm_w300p_firmware
31 Nec aterm_w300p
32 Nec aterm_wg1900hp2
33 Nec aterm_wg1900hp
34 Nec aterm_wg1800hp4
35 Nec aterm_wg1800hp3
36 Nec aterm_wg1200hs3
37 Nec aterm_wg1200hs2
38 Nec aterm_wg1200hp3
39 Nec aterm_wg1200hp2
40 Nec aterm_w1200ex-ms
41 Nec aterm_wg1200hs
42 Nec aterm_wg1200hp
43 Nec aterm_wf800hp
44 Nec aterm_wf300hp2
45 Nec aterm_wr8165n
46 Nec aterm_wf300hp
47 Nec aterm_wg1400hp
48 Nec aterm_wg1800hp
49 Nec aterm_wg1800hp2
50 Nec aterm_wg2200hp
51 Nec aterm_wg300hp
52 Nec aterm_wg600hp
53 Nec aterm_wr8600n
54 Nec aterm_wr8700n
55 Nec aterm_wr8750n
56 Nec aterm_wr9300n
57 Nec aterm_wr9500n
58 Nec aterm_wr8170n
59 Nec aterm_wr8175n
60 Nec aterm_wr8370n
61 Nec aterm_wr7850s_firmware
62 Nec aterm_wr7850s
63 Nec aterm_wr6650s_firmware
64 Nec aterm_wr6650s
65 Nec aterm_wr6600h_firmware
66 Nec aterm_wr6600h
67 Nec aterm_wr7800h_firmware
68 Nec aterm_wr7800h
69 Nec aterm_wm3400rn_firmware
70 Nec aterm_wm3400rn
71 Nec aterm_wm3450rn_firmware
72 Nec aterm_wm3450rn
73 Nec aterm_wm3500r_firmware
74 Nec aterm_wm3500r
75 Nec aterm_wm3600r_firmware
76 Nec aterm_wm3600r
77 Nec aterm_wm3800r_firmware
78 Nec aterm_wm3800r
79 Nec aterm_wr8166n_firmware
80 Nec aterm_wr8166n
81 Nec aterm_mr01ln_firmware
82 Nec aterm_mr01ln
83 Nec aterm_mr02ln_firmware
84 Nec aterm_mr02ln
85 Nec aterm_wg1810hp\(je\)_firmware
86 Nec aterm_wg1810hp\(je\)
87 Nec aterm_wg1810hp\(mf\)_firmware
88 Nec aterm_wg1810hp\(mf\)
89 Nec aterm_wf1200hp2_firmware
90 Nec aterm_wf1200hp2
91 Nec aterm_wf1200hp_firmware
92 Nec aterm_wf1200hp
93 Nec aterm_wr8160n_firmware
94 Nec aterm_wr8160n
95 Nec aterm_wr8300n_firmware
96 Nec aterm_wr8300n
97 Nec aterm_wr8150n_firmware
98 Nec aterm_wr8150n
99 Nec aterm_wr4100n_firmware
100 Nec aterm_wr4100n
101 Nec aterm_wr4500n_firmware
102 Nec aterm_wr4500n
103 Nec aterm_wr8100n_firmware
104 Nec aterm_wr8100n
105 Nec aterm_wr8500n_firmware
106 Nec aterm_wr8500n
107 Nec aterm_cr2500p_firmware
108 Nec aterm_cr2500p
109 Nec aterm_wr8400n_firmware
110 Nec aterm_wr8400n
111 Nec aterm_wr8200n_firmware
112 Nec aterm_wr8200n
113 Nec aterm_wr1200h_firmware
114 Nec aterm_wr1200h
115 Nec aterm_wr7870s_firmware
116 Nec aterm_wr7870s
117 Nec aterm_wr6670s_firmware
118 Nec aterm_wr6670s
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL 134c704f-9b21-4f2e-91b3-4a467353bcc0
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-28015.

URL Resource
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html Vendor Advisory
https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html Broken Link
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-28015 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-28015 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-28015 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Sep. 29, 2025

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1800hp4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1200hs3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1900hp2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1200hp3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1800hp3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr7850s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr7850s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr6650s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr6650s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr6600h_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr6600h:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr7800h_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr7800h:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wm3400rn_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wm3400rn:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wm3450rn_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wm3450rn:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wm3500r_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wm3500r:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wm3600r_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wm3600r:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wm3800r_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wm3800r:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8166n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8166n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_mr01ln_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_mr01ln:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_mr02ln_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_mr02ln:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1810hp(je)_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1810hp(je):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1810hp(mf)_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1810hp(mf):-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1200hs2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1900hp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1900hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1200hp2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1200hp2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_w1200ex-ms:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1200hs_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1200hs:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1200hp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1200hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wf300hp2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wf300hp2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_w300p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_w300p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wf800hp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wf800hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8165n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8165n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wf1200hp2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wf1200hp2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wf1200hp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wf1200hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8160n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8160n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8300n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8300n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8150n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8150n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr4100n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr4100n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr4500n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr4500n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8100n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8100n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8500n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8500n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_cr2500p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_cr2500p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8400n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8400n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr8200n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr8200n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr1200h_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr1200h:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr7870s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr7870s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:nec:aterm_wr6670s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:nec:aterm_wr6670s:-:*:*:*:*:*:*:*
    Added Reference Type CVE: https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html Types: Broken Link
    Added Reference Type NEC Corporation: https://jpn.nec.com/security-info/secinfo/nv24-001_en.html Types: Vendor Advisory
  • CVE Modified by [email protected]

    Jan. 14, 2025

    Action Type Old Value New Value
    Added Reference https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
    Removed Reference https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Aug. 01, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Apr. 02, 2024

    Action Type Old Value New Value
    Changed Description Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet. Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.
  • CVE Received by [email protected]

    Mar. 28, 2024

    Action Type Old Value New Value
    Added Description Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.
    Added Reference NEC Corporation https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html [No types assigned]
    Added CWE NEC Corporation CWE-78
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact