CVE-2024-28015

9.8

CRITICAL CVSS 3.1

NEC Corporation Aterm Command Injection

Overview
Vulnerability Timeline

Description

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

INFO

Published Date :

March 28, 2024, 1:15 a.m.

Last Modified :

Sept. 29, 2025, 12:59 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]

Affected Products

The following products are affected by CVE-2024-28015 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Nec	aterm_wf300hp_firmware
2	Nec	aterm_wg1400hp_firmware
3	Nec	aterm_wg1800hp_firmware
4	Nec	aterm_wg1800hp2_firmware
5	Nec	aterm_wg2200hp_firmware
6	Nec	aterm_wg300hp_firmware
7	Nec	aterm_wg600hp_firmware
8	Nec	aterm_wr8600n_firmware
9	Nec	aterm_wr8700n_firmware
10	Nec	aterm_wr8750n_firmware
11	Nec	aterm_wr9300n_firmware
12	Nec	aterm_wr9500n_firmware
13	Nec	aterm_wr8170n_firmware
14	Nec	aterm_wr8175n_firmware
15	Nec	aterm_wr8370n_firmware
16	Nec	aterm_wg1900hp2_firmware
17	Nec	aterm_wg1900hp_firmware
18	Nec	aterm_wg1800hp4_firmware
19	Nec	aterm_wg1800hp3_firmware
20	Nec	aterm_wg1200hs3_firmware
21	Nec	aterm_wg1200hs2_firmware
22	Nec	aterm_wg1200hp3_firmware
23	Nec	aterm_wg1200hp2_firmware
24	Nec	aterm_w1200ex-ms_firmware
25	Nec	aterm_wg1200hs_firmware
26	Nec	aterm_wg1200hp_firmware
27	Nec	aterm_wf800hp_firmware
28	Nec	aterm_wf300hp2_firmware
29	Nec	aterm_wr8165n_firmware
30	Nec	aterm_w300p_firmware
31	Nec	aterm_w300p
32	Nec	aterm_wg1900hp2
33	Nec	aterm_wg1900hp
34	Nec	aterm_wg1800hp4
35	Nec	aterm_wg1800hp3
36	Nec	aterm_wg1200hs3
37	Nec	aterm_wg1200hs2
38	Nec	aterm_wg1200hp3
39	Nec	aterm_wg1200hp2
40	Nec	aterm_w1200ex-ms
41	Nec	aterm_wg1200hs
42	Nec	aterm_wg1200hp
43	Nec	aterm_wf800hp
44	Nec	aterm_wf300hp2
45	Nec	aterm_wr8165n
46	Nec	aterm_wf300hp
47	Nec	aterm_wg1400hp
48	Nec	aterm_wg1800hp
49	Nec	aterm_wg1800hp2
50	Nec	aterm_wg2200hp
51	Nec	aterm_wg300hp
52	Nec	aterm_wg600hp
53	Nec	aterm_wr8600n
54	Nec	aterm_wr8700n
55	Nec	aterm_wr8750n
56	Nec	aterm_wr9300n
57	Nec	aterm_wr9500n
58	Nec	aterm_wr8170n
59	Nec	aterm_wr8175n
60	Nec	aterm_wr8370n
61	Nec	aterm_wr7850s_firmware
62	Nec	aterm_wr7850s
63	Nec	aterm_wr6650s_firmware
64	Nec	aterm_wr6650s
65	Nec	aterm_wr6600h_firmware
66	Nec	aterm_wr6600h
67	Nec	aterm_wr7800h_firmware
68	Nec	aterm_wr7800h
69	Nec	aterm_wm3400rn_firmware
70	Nec	aterm_wm3400rn
71	Nec	aterm_wm3450rn_firmware
72	Nec	aterm_wm3450rn
73	Nec	aterm_wm3500r_firmware
74	Nec	aterm_wm3500r
75	Nec	aterm_wm3600r_firmware
76	Nec	aterm_wm3600r
77	Nec	aterm_wm3800r_firmware
78	Nec	aterm_wm3800r
79	Nec	aterm_wr8166n_firmware
80	Nec	aterm_wr8166n
81	Nec	aterm_mr01ln_firmware
82	Nec	aterm_mr01ln
83	Nec	aterm_mr02ln_firmware
84	Nec	aterm_mr02ln
85	Nec	aterm_wg1810hp\(je\)_firmware
86	Nec	aterm_wg1810hp\(je\)
87	Nec	aterm_wg1810hp\(mf\)_firmware
88	Nec	aterm_wg1810hp\(mf\)
89	Nec	aterm_wf1200hp2_firmware
90	Nec	aterm_wf1200hp2
91	Nec	aterm_wf1200hp_firmware
92	Nec	aterm_wf1200hp
93	Nec	aterm_wr8160n_firmware
94	Nec	aterm_wr8160n
95	Nec	aterm_wr8300n_firmware
96	Nec	aterm_wr8300n
97	Nec	aterm_wr8150n_firmware
98	Nec	aterm_wr8150n
99	Nec	aterm_wr4100n_firmware
100	Nec	aterm_wr4100n
101	Nec	aterm_wr4500n_firmware
102	Nec	aterm_wr4500n
103	Nec	aterm_wr8100n_firmware
104	Nec	aterm_wr8100n
105	Nec	aterm_wr8500n_firmware
106	Nec	aterm_wr8500n
107	Nec	aterm_cr2500p_firmware
108	Nec	aterm_cr2500p
109	Nec	aterm_wr8400n_firmware
110	Nec	aterm_wr8400n
111	Nec	aterm_wr8200n_firmware
112	Nec	aterm_wr8200n
113	Nec	aterm_wr1200h_firmware
114	Nec	aterm_wr1200h
115	Nec	aterm_wr7870s_firmware
116	Nec	aterm_wr7870s
117	Nec	aterm_wr6670s_firmware
118	Nec	aterm_wr6670s

: Total Affected Vendor : 1 | Products : 118

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.1	CRITICAL				134c704f-9b21-4f2e-91b3-4a467353bcc0

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-28015.

URL	Resource
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html	Vendor Advisory
https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html	Broken Link

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-28015 is associated with the following CWEs:

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-28015 weaknesses.

CAPEC-6: Argument Injection Argument Injection CAPEC-15: Command Delimiters Command Delimiters CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-88: OS Command Injection OS Command Injection CAPEC-108: Command Line Execution through SQL Injection Command Line Execution through SQL Injection

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-28015 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2024-28015 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Initial Analysis by [email protected]

Sep. 29, 2025

Action	Type	New Value
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1800hp4:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1200hs3:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1900hp2:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1200hp3:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1800hp3_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1800hp3:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr7850s_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr7850s:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr6650s_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr6650s:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr6600h_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr6600h:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr7800h_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr7800h:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wm3400rn_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wm3400rn:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wm3450rn_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wm3450rn:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wm3500r_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wm3500r:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wm3600r_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wm3600r:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wm3800r_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wm3800r:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8166n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8166n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_mr01ln_firmware:-::::::: OR cpe:2.3:h:nec:aterm_mr01ln:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_mr02ln_firmware:-::::::: OR cpe:2.3:h:nec:aterm_mr02ln:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1810hp(je)_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1810hp(je):-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1810hp(mf)_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1810hp(mf):-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1200hs2:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1900hp_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1900hp:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1200hp2_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1200hp2:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:-::::::: OR cpe:2.3:h:nec:aterm_w1200ex-ms:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1200hs_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1200hs:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1200hp_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1200hp:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wf300hp2_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wf300hp2:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_w300p_firmware:-::::::: OR cpe:2.3:h:nec:aterm_w300p:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wf800hp_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wf800hp:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8165n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8165n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg2200hp_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg2200hp:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wf1200hp2_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wf1200hp2:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1800hp2:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wf1200hp_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wf1200hp:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg600hp_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg600hp:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg300hp_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg300hp:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wf300hp_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wf300hp:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1800hp_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1800hp:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wg1400hp_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wg1400hp:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8175n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8175n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr9300n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr9300n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8750n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8750n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8160n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8160n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr9500n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr9500n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8600n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8600n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8370n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8370n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8170n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8170n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8700n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8700n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8300n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8300n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8150n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8150n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr4100n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr4100n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr4500n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr4500n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8100n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8100n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8500n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8500n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_cr2500p_firmware:-::::::: OR cpe:2.3:h:nec:aterm_cr2500p:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8400n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8400n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr8200n_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr8200n:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr1200h_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr1200h:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr7870s_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr7870s:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:nec:aterm_wr6670s_firmware:-::::::: OR cpe:2.3:h:nec:aterm_wr6670s:-:::::::*
Added	Reference Type	CVE: https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html Types: Broken Link
Added	Reference Type	NEC Corporation: https://jpn.nec.com/security-info/secinfo/nv24-001_en.html Types: Vendor Advisory

CVE Modified by [email protected]

Jan. 14, 2025

Action	Type	Old Value	New Value
Added	Reference		https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
Removed	Reference	https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	Old Value	New Value
Added	Reference		https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Aug. 01, 2024

Action	Type	Old Value	New Value
Added	CVSS V3.1		CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE Modified by [email protected]

May. 14, 2024

Action	Type	Old Value	New Value

CVE Modified by [email protected]

Apr. 02, 2024

Action	Type	Old Value	New Value
Changed	Description	Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.	Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

CVE Received by [email protected]

Mar. 28, 2024

Action	Type	New Value
Added	Description	Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.
Added	Reference	NEC Corporation https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html [No types assigned]
Added	CWE	NEC Corporation CWE-78

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

Browse by Apps

CVE-2024-28015

NEC Corporation Aterm Command Injection

Description

INFO

March 28, 2024, 1:15 a.m.

Sept. 29, 2025, 12:59 p.m.

Yes !

[email protected]

Affected Products

CVSS Scores

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Initial Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Received by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 9.8

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable