CVE-2024-28010

CRITICAL EPSS 43.2%
Published Mar 28, 20242y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Mar 28, 2024 2y ago
Last Modified Jun 17, 2026 2w ago

Description

Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
43.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-259

Affected Products 118

VendorProductVersionRange
necaterm_wg1800hp4_firmware*any
necaterm_wg1800hp4*any
necaterm_wg1200hs3_firmware*any
necaterm_wg1200hs3*any
necaterm_wg1900hp2_firmware*any
necaterm_wg1900hp2*any
necaterm_wg1200hp3_firmware*any
necaterm_wg1200hp3*any
necaterm_wg1800hp3_firmware*any
necaterm_wg1800hp3*any
necaterm_wg1200hs2_firmware*any
necaterm_wg1200hs2*any
necaterm_wg1900hp_firmware*any
necaterm_wg1900hp*any
necaterm_wg1200hp2_firmware*any
necaterm_wg1200hp2*any
necaterm_w1200ex-ms_firmware*any
necaterm_w1200ex-ms*any
necaterm_wg1200hs_firmware*any
necaterm_wg1200hs*any
necaterm_wg1200hp_firmware*any
necaterm_wg1200hp*any
necaterm_wf300hp2_firmware*any
necaterm_wf300hp2*any
necaterm_w300p_firmware*any
necaterm_w300p*any
necaterm_wf800hp_firmware*any
necaterm_wf800hp*any
necaterm_wr8165n_firmware*any
necaterm_wr8165n*any
necaterm_wg2200hp_firmware*any
necaterm_wg2200hp*any
necaterm_wf1200hp2_firmware*any
necaterm_wf1200hp2*any
necaterm_wg1800hp2_firmware*any
necaterm_wg1800hp2*any
necaterm_wf1200hp_firmware*any
necaterm_wf1200hp*any
necaterm_wg600hp_firmware*any
necaterm_wg600hp*any
necaterm_wg300hp_firmware*any
necaterm_wg300hp*any
necaterm_wf300hp_firmware*any
necaterm_wf300hp*any
necaterm_wg1800hp_firmware*any
necaterm_wg1800hp*any
necaterm_wg1400hp_firmware*any
necaterm_wg1400hp*any
necaterm_wr8175n_firmware*any
necaterm_wr8175n*any
necaterm_wr9300n_firmware*any
necaterm_wr9300n*any
necaterm_wr8750n_firmware*any
necaterm_wr8750n*any
necaterm_wr8160n_firmware*any
necaterm_wr8160n*any
necaterm_wr9500n_firmware*any
necaterm_wr9500n*any
necaterm_wr8600n_firmware*any
necaterm_wr8600n*any
necaterm_wr8370n_firmware*any
necaterm_wr8370n*any
necaterm_wr8170n_firmware*any
necaterm_wr8170n*any
necaterm_wr8700n_firmware*any
necaterm_wr8700n*any
necaterm_wr8300n_firmware*any
necaterm_wr8300n*any
necaterm_wr8150n_firmware*any
necaterm_wr8150n*any
necaterm_wr4100n_firmware*any
necaterm_wr4100n*any
necaterm_wr4500n_firmware*any
necaterm_wr4500n*any
necaterm_wr8100n_firmware*any
necaterm_wr8100n*any
necaterm_wr8500n_firmware*any
necaterm_wr8500n*any
necaterm_cr2500p_firmware*any
necaterm_cr2500p*any
necaterm_wr8400n_firmware*any
necaterm_wr8400n*any
necaterm_wr8200n_firmware*any
necaterm_wr8200n*any
necaterm_wr1200h_firmware*any
necaterm_wr1200h*any
necaterm_wr7870s_firmware*any
necaterm_wr7870s*any
necaterm_wr6670s_firmware*any
necaterm_wr6670s*any
necaterm_wr7850s_firmware*any
necaterm_wr7850s*any
necaterm_wr6650s_firmware*any
necaterm_wr6650s*any
necaterm_wr6600h_firmware*any
necaterm_wr6600h*any
necaterm_wr7800h_firmware*any
necaterm_wr7800h*any
necaterm_wm3400rn_firmware*any
necaterm_wm3400rn*any
necaterm_wm3450rn_firmware*any
necaterm_wm3450rn*any
necaterm_wm3500r_firmware*any
necaterm_wm3500r*any
necaterm_wm3600r_firmware*any
necaterm_wm3600r*any
necaterm_wm3800r_firmware*any
necaterm_wm3800r*any
necaterm_wr8166n_firmware*any
necaterm_wr8166n*any
necaterm_mr01ln_firmware*any
necaterm_mr01ln*any
necaterm_mr02ln_firmware*any
necaterm_mr02ln*any
necaterm_wg1810hp\(je\)_firmware*any
necaterm_wg1810hp\(je\)*any
necaterm_wg1810hp\(mf\)_firmware*any
necaterm_wg1810hp\(mf\)*any

References 2

  • https https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
    Broken Link
  • jpn.nec.com https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.