CVE-2024-28007

28.03.2024, 01:15

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NEC	CNA	---				---
CISA-ADP	ADP	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Vendor	Product	Version
nec	aterm_wg1800hp4_firmware	-
nec	aterm_wg1200hs3_firmware	-
nec	aterm_wg1900hp2_firmware	-
nec	aterm_wg1200hp3_firmware	-
nec	aterm_wg1800hp3_firmware	-
nec	aterm_wg1200hs2_firmware	-
nec	aterm_wg1900hp_firmware	-
nec	aterm_wg1200hp2_firmware	-
nec	aterm_w1200ex-ms_firmware	-
nec	aterm_wg1200hs_firmware	-
nec	aterm_wg1200hp_firmware	-
nec	aterm_wf300hp2_firmware	-
nec	aterm_w300p_firmware	-
nec	aterm_wf800hp_firmware	-
nec	aterm_wr8165n_firmware	-
nec	aterm_wg2200hp_firmware	-
nec	aterm_wf1200hp2_firmware	-
nec	aterm_wg1800hp2_firmware	-
nec	aterm_wf1200hp_firmware	-
nec	aterm_wg600hp_firmware	-
nec	aterm_wg300hp_firmware	-
nec	aterm_wf300hp_firmware	-
nec	aterm_wg1800hp_firmware	-
nec	aterm_wg1400hp_firmware	-
nec	aterm_wr8175n_firmware	-
nec	aterm_wr9300n_firmware	-
nec	aterm_wr8750n_firmware	-
nec	aterm_wr8160n_firmware	-
nec	aterm_wr9500n_firmware	-
nec	aterm_wr8600n_firmware	-
nec	aterm_wr8370n_firmware	-
nec	aterm_wr8170n_firmware	-
nec	aterm_wr8700n_firmware	-
nec	aterm_wr8300n_firmware	-
nec	aterm_wr8150n_firmware	-
nec	aterm_wr4100n_firmware	-
nec	aterm_wr4500n_firmware	-
nec	aterm_wr8100n_firmware	-
nec	aterm_wr8500n_firmware	-
nec	aterm_cr2500p_firmware	-
nec	aterm_wr8400n_firmware	-
nec	aterm_wr8200n_firmware	-
nec	aterm_wr1200h_firmware	-
nec	aterm_wr7870s_firmware	-
nec	aterm_wr6670s_firmware	-
nec	aterm_wr7850s_firmware	-
nec	aterm_wr6650s_firmware	-
nec	aterm_wr6600h_firmware	-
nec	aterm_wr7800h_firmware	-
nec	aterm_wm3400rn_firmware	-
nec	aterm_wm3450rn_firmware	-
nec	aterm_wm3500r_firmware	-
nec	aterm_wm3600r_firmware	-
nec	aterm_wm3800r_firmware	-
nec	aterm_wr8166n_firmware	-
nec	aterm_mr01ln_firmware	-
nec	aterm_mr02ln_firmware	-
nec	aterm_wg1810hp\(je\)_firmware	-
nec	aterm_wg1810hp\(mf\)_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://jpn.nec.com/security-info/secinfo/nv24-001_en.html

https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html