TROYANOSYVIRUS
Voltar para CVEs

CVE-2024-28015

CRITICAL
9.8

Descricao

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

Detalhes CVE

Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/28/2024
Ultima modificacao9/29/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

nec:aterm_cr2500pnec:aterm_cr2500p_firmwarenec:aterm_mr01lnnec:aterm_mr01ln_firmwarenec:aterm_mr02lnnec:aterm_mr02ln_firmwarenec:aterm_w1200ex-msnec:aterm_w1200ex-ms_firmwarenec:aterm_w300pnec:aterm_w300p_firmwarenec:aterm_wf1200hpnec:aterm_wf1200hp2nec:aterm_wf1200hp2_firmwarenec:aterm_wf1200hp_firmwarenec:aterm_wf300hpnec:aterm_wf300hp2nec:aterm_wf300hp2_firmwarenec:aterm_wf300hp_firmwarenec:aterm_wf800hpnec:aterm_wf800hp_firmwarenec:aterm_wg1200hpnec:aterm_wg1200hp2nec:aterm_wg1200hp2_firmwarenec:aterm_wg1200hp3nec:aterm_wg1200hp3_firmwarenec:aterm_wg1200hp_firmwarenec:aterm_wg1200hsnec:aterm_wg1200hs2nec:aterm_wg1200hs2_firmwarenec:aterm_wg1200hs3nec:aterm_wg1200hs3_firmwarenec:aterm_wg1200hs_firmwarenec:aterm_wg1400hpnec:aterm_wg1400hp_firmwarenec:aterm_wg1800hpnec:aterm_wg1800hp2nec:aterm_wg1800hp2_firmwarenec:aterm_wg1800hp3nec:aterm_wg1800hp3_firmwarenec:aterm_wg1800hp4nec:aterm_wg1800hp4_firmwarenec:aterm_wg1800hp_firmwarenec:aterm_wg1810hp\(je\)nec:aterm_wg1810hp\(je\)_firmwarenec:aterm_wg1810hp\(mf\)nec:aterm_wg1810hp\(mf\)_firmwarenec:aterm_wg1900hpnec:aterm_wg1900hp2nec:aterm_wg1900hp2_firmwarenec:aterm_wg1900hp_firmwarenec:aterm_wg2200hpnec:aterm_wg2200hp_firmwarenec:aterm_wg300hpnec:aterm_wg300hp_firmwarenec:aterm_wg600hpnec:aterm_wg600hp_firmwarenec:aterm_wm3400rnnec:aterm_wm3400rn_firmwarenec:aterm_wm3450rnnec:aterm_wm3450rn_firmwarenec:aterm_wm3500rnec:aterm_wm3500r_firmwarenec:aterm_wm3600rnec:aterm_wm3600r_firmwarenec:aterm_wm3800rnec:aterm_wm3800r_firmwarenec:aterm_wr1200hnec:aterm_wr1200h_firmwarenec:aterm_wr4100nnec:aterm_wr4100n_firmwarenec:aterm_wr4500nnec:aterm_wr4500n_firmwarenec:aterm_wr6600hnec:aterm_wr6600h_firmwarenec:aterm_wr6650snec:aterm_wr6650s_firmwarenec:aterm_wr6670snec:aterm_wr6670s_firmwarenec:aterm_wr7800hnec:aterm_wr7800h_firmwarenec:aterm_wr7850snec:aterm_wr7850s_firmwarenec:aterm_wr7870snec:aterm_wr7870s_firmwarenec:aterm_wr8100nnec:aterm_wr8100n_firmwarenec:aterm_wr8150nnec:aterm_wr8150n_firmwarenec:aterm_wr8160nnec:aterm_wr8160n_firmwarenec:aterm_wr8165nnec:aterm_wr8165n_firmwarenec:aterm_wr8166nnec:aterm_wr8166n_firmwarenec:aterm_wr8170nnec:aterm_wr8170n_firmwarenec:aterm_wr8175nnec:aterm_wr8175n_firmwarenec:aterm_wr8200nnec:aterm_wr8200n_firmwarenec:aterm_wr8300nnec:aterm_wr8300n_firmwarenec:aterm_wr8370nnec:aterm_wr8370n_firmwarenec:aterm_wr8400nnec:aterm_wr8400n_firmwarenec:aterm_wr8500nnec:aterm_wr8500n_firmwarenec:aterm_wr8600nnec:aterm_wr8600n_firmwarenec:aterm_wr8700nnec:aterm_wr8700n_firmwarenec:aterm_wr8750nnec:aterm_wr8750n_firmwarenec:aterm_wr9300nnec:aterm_wr9300n_firmwarenec:aterm_wr9500nnec:aterm_wr9500n_firmware

Fraquezas (CWE)

CWE-78

Referencias

https://jpn.nec.com/security-info/secinfo/nv24-001_en.html(psirt-info@cyber.jp.nec.com)
https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.