CVE-2024-28007

CRITICAL | CVSS 9.8/10 | EPSS 0.65%

CVE-2024-28007 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows an attacker to execute an arbitrary command with the root privilege via the internet. EPSS estimates a 0.65% chance of exploitation in the next 30 days.

Description

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows an attacker to execute an arbitrary command with the root privilege via the internet.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.65%

46.4th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Nec | Aterm Wg1800hp4 Firmware | All versions
Nec | Aterm Wg1200hs3 Firmware | All versions
Nec | Aterm Wr8750n Firmware | All versions
Nec | Aterm Wr8160n Firmware | All versions
Nec | Aterm Wr9500n Firmware | All versions
Nec | Aterm Wr8600n Firmware | All versions
Nec | Aterm Wr8370n Firmware | All versions
Nec | Aterm Wr8170n Firmware | All versions
Nec | Aterm Wr8700n Firmware | All versions
Nec | Aterm Wr8300n Firmware | All versions
Nec | Aterm Wr8150n Firmware | All versions
Nec | Aterm Wr4100n Firmware | All versions
Nec | Aterm Wr4500n Firmware | All versions
Nec | Aterm Wr8100n Firmware | All versions
Nec | Aterm Wr8500n Firmware | All versions
Nec | Aterm Cr2500p Firmware | All versions
Nec | Aterm Wr8400n Firmware | All versions
Nec | Aterm Wr8200n Firmware | All versions
Nec | Aterm Wr1200h Firmware | All versions
Nec | Aterm Wr7870s Firmware | All versions
Nec | Aterm Wr6670s Firmware | All versions
Nec | Aterm Wr7850s Firmware | All versions
Nec | Aterm Wr6650s Firmware | All versions
Nec | Aterm Wr6600h Firmware | All versions
Nec | Aterm Wr7800h Firmware | All versions
Nec | Aterm Wm3400rn Firmware | All versions
Nec | Aterm Wm3450rn Firmware | All versions
Nec | Aterm Wm3500r Firmware | All versions
Nec | Aterm Wm3600r Firmware | All versions
Nec | Aterm Wm3800r Firmware | All versions
Nec | Aterm Wr8166n Firmware | All versions
Nec | Aterm Mr01ln Firmware | All versions
Nec | Aterm Mr02ln Firmware | All versions
Nec | Aterm Wg1810hp(Je) Firmware | All versions
Nec | Aterm Wg1810hp(Mf) Firmware | All versions
Nec | Aterm Wr9300n Firmware | All versions
Nec | Aterm Wr8175n Firmware | All versions
Nec | Aterm Wg1400hp Firmware | All versions
Nec | Aterm Wg1800hp Firmware | All versions
Nec | Aterm Wf300hp Firmware | All versions
Nec | Aterm Wg300hp Firmware | All versions
Nec | Aterm Wg600hp Firmware | All versions
Nec | Aterm Wf1200hp Firmware | All versions
Nec | Aterm Wg1800hp2 Firmware | All versions
Nec | Aterm Wf1200hp2 Firmware | All versions
Nec | Aterm Wg2200hp Firmware | All versions
Nec | Aterm Wr8165n Firmware | All versions
Nec | Aterm Wf800hp Firmware | All versions
Nec | Aterm W300p Firmware | All versions
Nec | Aterm Wf300hp2 Firmware | All versions

Showing 50 of 59 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-28007?
Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows an attacker to execute an arbitrary command with the root privilege via the internet.
How severe is CVE-2024-28007?
CVE-2024-28007 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.65% probability of exploitation in the next 30 days.
How do I fix CVE-2024-28007?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST