CVE-2024-28011

CRITICAL EPSS 45.4%
Published Mar 28, 20242y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published Mar 28, 2024 2y ago
Last Modified Jun 17, 2026 2w ago

Description

Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
45.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-912

Affected Products 118

VendorProductVersionRange
necaterm_wg1800hp4_firmware*any
necaterm_wg1800hp4*any
necaterm_wg1200hs3_firmware*any
necaterm_wg1200hs3*any
necaterm_wg1900hp2_firmware*any
necaterm_wg1900hp2*any
necaterm_wg1200hp3_firmware*any
necaterm_wg1200hp3*any
necaterm_wg1800hp3_firmware*any
necaterm_wg1800hp3*any
necaterm_wg1200hs2_firmware*any
necaterm_wg1200hs2*any
necaterm_wg1900hp_firmware*any
necaterm_wg1900hp*any
necaterm_wg1200hp2_firmware*any
necaterm_wg1200hp2*any
necaterm_w1200ex-ms_firmware*any
necaterm_w1200ex-ms*any
necaterm_wg1200hs_firmware*any
necaterm_wg1200hs*any
necaterm_wg1200hp_firmware*any
necaterm_wg1200hp*any
necaterm_wf300hp2_firmware*any
necaterm_wf300hp2*any
necaterm_w300p_firmware*any
necaterm_w300p*any
necaterm_wf800hp_firmware*any
necaterm_wf800hp*any
necaterm_wr8165n_firmware*any
necaterm_wr8165n*any
necaterm_wg2200hp_firmware*any
necaterm_wg2200hp*any
necaterm_wf1200hp2_firmware*any
necaterm_wf1200hp2*any
necaterm_wg1800hp2_firmware*any
necaterm_wg1800hp2*any
necaterm_wf1200hp_firmware*any
necaterm_wf1200hp*any
necaterm_wg600hp_firmware*any
necaterm_wg600hp*any
necaterm_wg300hp_firmware*any
necaterm_wg300hp*any
necaterm_wf300hp_firmware*any
necaterm_wf300hp*any
necaterm_wg1800hp_firmware*any
necaterm_wg1800hp*any
necaterm_wg1400hp_firmware*any
necaterm_wg1400hp*any
necaterm_wr8175n_firmware*any
necaterm_wr8175n*any
necaterm_wr9300n_firmware*any
necaterm_wr9300n*any
necaterm_wr8750n_firmware*any
necaterm_wr8750n*any
necaterm_wr8160n_firmware*any
necaterm_wr8160n*any
necaterm_wr9500n_firmware*any
necaterm_wr9500n*any
necaterm_wr8600n_firmware*any
necaterm_wr8600n*any
necaterm_wr8370n_firmware*any
necaterm_wr8370n*any
necaterm_wr8170n_firmware*any
necaterm_wr8170n*any
necaterm_wr8700n_firmware*any
necaterm_wr8700n*any
necaterm_wr8300n_firmware*any
necaterm_wr8300n*any
necaterm_wr8150n_firmware*any
necaterm_wr8150n*any
necaterm_wr4100n_firmware*any
necaterm_wr4100n*any
necaterm_wr4500n_firmware*any
necaterm_wr4500n*any
necaterm_wr8100n_firmware*any
necaterm_wr8100n*any
necaterm_wr8500n_firmware*any
necaterm_wr8500n*any
necaterm_cr2500p_firmware*any
necaterm_cr2500p*any
necaterm_wr8400n_firmware*any
necaterm_wr8400n*any
necaterm_wr8200n_firmware*any
necaterm_wr8200n*any
necaterm_wr1200h_firmware*any
necaterm_wr1200h*any
necaterm_wr7870s_firmware*any
necaterm_wr7870s*any
necaterm_wr6670s_firmware*any
necaterm_wr6670s*any
necaterm_wr7850s_firmware*any
necaterm_wr7850s*any
necaterm_wr6650s_firmware*any
necaterm_wr6650s*any
necaterm_wr6600h_firmware*any
necaterm_wr6600h*any
necaterm_wr7800h_firmware*any
necaterm_wr7800h*any
necaterm_wm3400rn_firmware*any
necaterm_wm3400rn*any
necaterm_wm3450rn_firmware*any
necaterm_wm3450rn*any
necaterm_wm3500r_firmware*any
necaterm_wm3500r*any
necaterm_wm3600r_firmware*any
necaterm_wm3600r*any
necaterm_wm3800r_firmware*any
necaterm_wm3800r*any
necaterm_wr8166n_firmware*any
necaterm_wr8166n*any
necaterm_mr01ln_firmware*any
necaterm_mr01ln*any
necaterm_mr02ln_firmware*any
necaterm_mr02ln*any
necaterm_wg1810hp\(je\)_firmware*any
necaterm_wg1810hp\(je\)*any
necaterm_wg1810hp\(mf\)_firmware*any
necaterm_wg1810hp\(mf\)*any

References 2

  • https https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
    Broken Link
  • jpn.nec.com https://jpn.nec.com/security-info/secinfo/nv24-001_en.html
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.