CVE-2024-28008
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/03/2024
Last modified:
29/09/2025
Description
Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nec:aterm_wg1800hp4:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nec:aterm_wg1200hs3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nec:aterm_wg1900hp2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nec:aterm_wg1200hp3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nec:aterm_wg1800hp3_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nec:aterm_wg1200hs2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nec:aterm_wg1900hp_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:nec:aterm_wg1900hp:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:nec:aterm_wg1200hp2_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page