CVE-2024-28009

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28009
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jpn.nec.com/security-info/secinfo/nv24-001_en.html Vendor Advisory
https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html Broken Link
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1200hs3:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1900hp2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1200hp3:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1200hs2:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:nec:aterm_wg1900hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1900hp:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:nec:aterm_wg1200hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1200hp2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_w1200ex-ms:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:nec:aterm_wg1200hs_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1200hs:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:nec:aterm_wg1200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1200hp:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:nec:aterm_wf300hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf300hp2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:nec:aterm_w300p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_w300p:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:nec:aterm_wf800hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf800hp:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:nec:aterm_wr8165n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8165n:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg2200hp:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:nec:aterm_wf1200hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf1200hp2:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp2:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:nec:aterm_wf1200hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf1200hp:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg600hp:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg300hp:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wf300hp:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1800hp:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1400hp:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8175n:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9300n:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8750n:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:nec:aterm_wr8160n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8160n:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr9500n:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8600n:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8370n:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8170n:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8700n:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:nec:aterm_wr8300n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8300n:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:nec:aterm_wr8150n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8150n:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:nec:aterm_wr4100n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr4100n:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:nec:aterm_wr4500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr4500n:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:nec:aterm_wr8100n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8100n:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:nec:aterm_wr8500n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8500n:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:nec:aterm_cr2500p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_cr2500p:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:nec:aterm_wr8400n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8400n:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND
cpe:2.3:o:nec:aterm_wr8200n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8200n:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND
cpe:2.3:o:nec:aterm_wr1200h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr1200h:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND
cpe:2.3:o:nec:aterm_wr7870s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr7870s:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND
cpe:2.3:o:nec:aterm_wr6670s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr6670s:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND
cpe:2.3:o:nec:aterm_wr7850s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr7850s:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND
cpe:2.3:o:nec:aterm_wr6650s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr6650s:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND
cpe:2.3:o:nec:aterm_wr6600h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr6600h:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND
cpe:2.3:o:nec:aterm_wr7800h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr7800h:-:*:*:*:*:*:*:*

Configuration 50 (hide)

AND
cpe:2.3:o:nec:aterm_wm3400rn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wm3400rn:-:*:*:*:*:*:*:*

Configuration 51 (hide)

AND
cpe:2.3:o:nec:aterm_wm3450rn_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wm3450rn:-:*:*:*:*:*:*:*

Configuration 52 (hide)

AND
cpe:2.3:o:nec:aterm_wm3500r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wm3500r:-:*:*:*:*:*:*:*

Configuration 53 (hide)

AND
cpe:2.3:o:nec:aterm_wm3600r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wm3600r:-:*:*:*:*:*:*:*

Configuration 54 (hide)

AND
cpe:2.3:o:nec:aterm_wm3800r_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wm3800r:-:*:*:*:*:*:*:*

Configuration 55 (hide)

AND
cpe:2.3:o:nec:aterm_wr8166n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wr8166n:-:*:*:*:*:*:*:*

Configuration 56 (hide)

AND
cpe:2.3:o:nec:aterm_mr01ln_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_mr01ln:-:*:*:*:*:*:*:*

Configuration 57 (hide)

AND
cpe:2.3:o:nec:aterm_mr02ln_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_mr02ln:-:*:*:*:*:*:*:*

Configuration 58 (hide)

AND
cpe:2.3:o:nec:aterm_wg1810hp\(je\)_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1810hp\(je\):-:*:*:*:*:*:*:*

Configuration 59 (hide)

AND
cpe:2.3:o:nec:aterm_wg1810hp\(mf\)_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nec:aterm_wg1810hp\(mf\):-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-03-28 01:15

Updated : 2025-09-29 13:02

NVD link : CVE-2024-28009

Mitre link : CVE-2024-28009

CVE.ORG link : CVE-2024-28009

JSON object : View

Products Affected

nec

  • aterm_wr4500n_firmware
  • aterm_wf1200hp
  • aterm_wg1800hp3_firmware
  • aterm_wr8170n_firmware
  • aterm_wg1800hp2_firmware
  • aterm_wm3600r_firmware
  • aterm_wg1200hp_firmware
  • aterm_wr8165n
  • aterm_wf1200hp_firmware
  • aterm_w1200ex-ms
  • aterm_w300p_firmware
  • aterm_wg1900hp_firmware
  • aterm_wr8175n_firmware
  • aterm_wm3800r
  • aterm_wg1200hs2_firmware
  • aterm_wr4100n_firmware
  • aterm_wf1200hp2_firmware
  • aterm_wm3450rn
  • aterm_wg1810hp\(mf\)
  • aterm_wr8700n
  • aterm_wr7870s_firmware
  • aterm_wr8166n_firmware
  • aterm_wr8150n_firmware
  • aterm_wg2200hp
  • aterm_wr8370n_firmware
  • aterm_wg1200hp3_firmware
  • aterm_wr7800h_firmware
  • aterm_wr8700n_firmware
  • aterm_wr9300n_firmware
  • aterm_wr8100n_firmware
  • aterm_wg600hp
  • aterm_wr8200n_firmware
  • aterm_wr8160n
  • aterm_wr6670s_firmware
  • aterm_wf300hp2
  • aterm_wg1200hp
  • aterm_wg1810hp\(je\)_firmware
  • aterm_mr02ln_firmware
  • aterm_wg1200hs3
  • aterm_wg1200hp3
  • aterm_wg1200hp2
  • aterm_w1200ex-ms_firmware
  • aterm_wr8600n_firmware
  • aterm_wm3600r
  • aterm_wr8300n_firmware
  • aterm_wg1400hp_firmware
  • aterm_wm3500r_firmware
  • aterm_cr2500p_firmware
  • aterm_wr7850s_firmware
  • aterm_wg1800hp4
  • aterm_wg1800hp2
  • aterm_wg1200hs3_firmware
  • aterm_wr8600n
  • aterm_w300p
  • aterm_wg1800hp_firmware
  • aterm_wr8500n
  • aterm_wf300hp
  • aterm_wr8200n
  • aterm_wg1810hp\(je\)
  • aterm_wr8166n
  • aterm_wr6650s
  • aterm_wr8300n
  • aterm_wg1800hp4_firmware
  • aterm_wr8150n
  • aterm_wf800hp_firmware
  • aterm_wr8165n_firmware
  • aterm_wr8370n
  • aterm_wr9500n_firmware
  • aterm_wg1200hs
  • aterm_wr8400n_firmware
  • aterm_wr7870s
  • aterm_wm3500r
  • aterm_wg1810hp\(mf\)_firmware
  • aterm_wr7850s
  • aterm_wr8160n_firmware
  • aterm_mr01ln_firmware
  • aterm_wr7800h
  • aterm_wr8170n
  • aterm_wr8100n
  • aterm_wg1200hp2_firmware
  • aterm_wg1800hp3
  • aterm_wr4500n
  • aterm_wg1900hp2_firmware
  • aterm_wg600hp_firmware
  • aterm_wr6600h_firmware
  • aterm_wr6650s_firmware
  • aterm_wr4100n
  • aterm_wf300hp_firmware
  • aterm_wg1200hs_firmware
  • aterm_wg1900hp
  • aterm_wg1200hs2
  • aterm_wr8175n
  • aterm_wr9500n
  • aterm_wr8750n
  • aterm_mr02ln
  • aterm_wf1200hp2
  • aterm_wg2200hp_firmware
  • aterm_wr9300n
  • aterm_wr6670s
  • aterm_wg1900hp2
  • aterm_wm3800r_firmware
  • aterm_wg1400hp
  • aterm_wm3400rn_firmware
  • aterm_wg1800hp
  • aterm_wr1200h_firmware
  • aterm_wm3400rn
  • aterm_wr8400n
  • aterm_cr2500p
  • aterm_wr8500n_firmware
  • aterm_wf300hp2_firmware
  • aterm_wm3450rn_firmware
  • aterm_wr8750n_firmware
  • aterm_wr1200h
  • aterm_wg300hp
  • aterm_wr6600h
  • aterm_mr01ln
  • aterm_wg300hp_firmware
  • aterm_wf800hp
CWE
CWE-287

Improper Authentication