CRITICAL🇵🇱 Wersja polska

CVE-2024-28007

CVSS 9.8v3.1pub. 2024-03-28upd. 2025-09-29

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.

🤖 AI Analysis
How it works

The authentication mechanism in the firmware of NEC Aterm devices contains an improper authentication class error that enables bypassing identity verification without knowledge of any credentials. An attacker sending a specially crafted request over the internet can circumvent access control and issue system commands. Commands are executed in the context of the root account, meaning full access to the device's operating system.

Impact

Attacker gains full control over the device with root privileges, enabling configuration reading and modification, network traffic interception, DNS settings changes, and leveraging the device as an entry point to the local network.

Mitigation & patch

Security patches from the manufacturer should be applied according to references (https://jpn.nec.com/security-info/secinfo/nv24-001_en.html). Until updates are deployed, it is recommended to block internet access to device management panels and restrict the administrative interface exposure exclusively to trusted IP addresses on the local network.

Who is affected

All firmware versions of the following NEC Aterm devices: WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE), and WG1810HP(MF).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nec Aterm Cr2500p

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Cr2500p Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Mr01ln

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Mr01ln Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Mr02ln

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Mr02ln Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm W300p

    HW
    Nec
    wszystkie wersje
  • Nec Aterm W300p Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf800hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf800hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs3

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs3 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1400hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1400hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1800hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1800hp2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1800hp2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1800hp4

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1800hp4 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1800hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1810hp\(je\)

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1810hp\(je\) Firmware

    OS
    Nec
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-28011CRITICAL9.8PL ✓ten sam produkt

Ukryta funkcjonalność w routerach NEC Aterm umożliwia RCE z uprawnieniami root

CVE-2024-28010CRITICAL9.8PL ✓ten sam produkt

Hardcoded password w routerach NEC Aterm — zdalne wykonanie poleceń OS

CVE-2024-28009CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w NEC Aterm — zdalne wykonanie kodu jako root

CVE-2024-28008CRITICAL9.8PL ✓ten sam produkt

Active Debug Code w routerach NEC Aterm — zdalne wykonanie poleceń OS

CVE-2024-28012CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w NEC Aterm — zdalne wykonanie kodu jako root