Strix
26.1K

CVE-2024-28015

CRITICALCVSS 9.8/10EPSS 0.67%

Last modified

CVE-2024-28015 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.. EPSS estimates a 0.67% chance of exploitation in the next 30 days.

Description

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.67%

47.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NecAterm Wg1800hp4 FirmwareAll versions
NecAterm Wg1200hs3 FirmwareAll versions
NecAterm Wg1900hp2 FirmwareAll versions
NecAterm Wg1200hp3 FirmwareAll versions
NecAterm Wg1800hp3 FirmwareAll versions
NecAterm Wr7850s FirmwareAll versions
NecAterm Wr6650s FirmwareAll versions
NecAterm Wr6600h FirmwareAll versions
NecAterm Wr7800h FirmwareAll versions
NecAterm Wm3400rn FirmwareAll versions
NecAterm Wm3450rn FirmwareAll versions
NecAterm Wm3500r FirmwareAll versions
NecAterm Wm3600r FirmwareAll versions
NecAterm Wm3800r FirmwareAll versions
NecAterm Wr8166n FirmwareAll versions
NecAterm Mr01ln FirmwareAll versions
NecAterm Mr02ln FirmwareAll versions
NecAterm Wg1810hp\(Je\) FirmwareAll versions
NecAterm Wg1810hp\(Mf\) FirmwareAll versions
NecAterm Wg1200hs2 FirmwareAll versions
NecAterm Wg1900hp FirmwareAll versions
NecAterm Wg1200hp2 FirmwareAll versions
NecAterm W1200ex-Ms FirmwareAll versions
NecAterm Wg1200hs FirmwareAll versions
NecAterm Wg1200hp FirmwareAll versions
NecAterm Wf300hp2 FirmwareAll versions
NecAterm W300p FirmwareAll versions
NecAterm Wf800hp FirmwareAll versions
NecAterm Wr8165n FirmwareAll versions
NecAterm Wg2200hp FirmwareAll versions
NecAterm Wf1200hp2 FirmwareAll versions
NecAterm Wg1800hp2 FirmwareAll versions
NecAterm Wf1200hp FirmwareAll versions
NecAterm Wg600hp FirmwareAll versions
NecAterm Wg300hp FirmwareAll versions
NecAterm Wf300hp FirmwareAll versions
NecAterm Wg1800hp FirmwareAll versions
NecAterm Wg1400hp FirmwareAll versions
NecAterm Wr8175n FirmwareAll versions
NecAterm Wr9300n FirmwareAll versions
NecAterm Wr8750n FirmwareAll versions
NecAterm Wr8160n FirmwareAll versions
NecAterm Wr9500n FirmwareAll versions
NecAterm Wr8600n FirmwareAll versions
NecAterm Wr8370n FirmwareAll versions
NecAterm Wr8170n FirmwareAll versions
NecAterm Wr8700n FirmwareAll versions
NecAterm Wr8300n FirmwareAll versions
NecAterm Wr8150n FirmwareAll versions
NecAterm Wr4100n FirmwareAll versions

Showing 50 of 59 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-28015?
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.
How severe is CVE-2024-28015?
CVE-2024-28015 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 0.67% probability of exploitation in the next 30 days.
How do I fix CVE-2024-28015?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-28015?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST