CRITICAL🇵🇱 Wersja polska

CVE-2024-28008

CVSS 9.8v3.1pub. 2024-03-28upd. 2025-09-29

Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.

🤖 AI Analysis
How it works

The manufacturer left active diagnostic code (debug code) in the firmware of the devices, which should not be present in production versions. Such code often exposes additional administrative interfaces or functions available without authentication. Attackers can use them to send requests over the internet and execute arbitrary operating system commands on the vulnerable device.

Impact

A remote and unauthenticated attacker can gain full control over the device by executing arbitrary OS commands — resulting in the possibility of compromising the confidentiality, integrity, and availability of the entire network served by the router.

Mitigation & patch

Apply patches available from the manufacturer in accordance with the references (https://jpn.nec.com/security-info/secinfo/nv24-001_en.html). Until the update is applied, it is recommended to restrict access to the device management interface from the internet and to apply firewall rules blocking unauthorized incoming traffic.

Who is affected

All firmware versions of the following NEC Aterm devices: WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE), and WG1810HP(MF).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nec Aterm Cr2500p

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Cr2500p Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm W1200ex Ms

    HW
    Nec
    wszystkie wersje
  • Nec Aterm W1200ex Ms Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm W300p

    HW
    Nec
    wszystkie wersje
  • Nec Aterm W300p Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf800hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf800hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp3

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp3 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs3

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs3 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1400hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1400hp Firmware

    OS
    Nec
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-28011CRITICAL9.8PL ✓ten sam produkt

Ukryta funkcjonalność w routerach NEC Aterm umożliwia RCE z uprawnieniami root

CVE-2024-28010CRITICAL9.8PL ✓ten sam produkt

Hardcoded password w routerach NEC Aterm — zdalne wykonanie poleceń OS

CVE-2024-28009CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w NEC Aterm — zdalne wykonanie kodu jako root

CVE-2024-28007CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w NEC Aterm — zdalne wykonanie poleceń jako root

CVE-2024-28012CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w NEC Aterm — zdalne wykonanie kodu jako root