1. Home
  2. CVE Database
  3. CVE-2024-28015
CRITICAL · 9.8

CVE-2024-28015

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(...

Vulnerability Description

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
NecAterm Wg1800Hp4 Firmware-
NecAterm Wg1800Hp4-
NecAterm Wg1200Hs3 Firmware-
NecAterm Wg1200Hs3-
NecAterm Wg1900Hp2 Firmware-
NecAterm Wg1900Hp2-
NecAterm Wg1200Hp3 Firmware-
NecAterm Wg1200Hp3-
NecAterm Wg1800Hp3 Firmware-
NecAterm Wg1800Hp3-
NecAterm Wr7850S Firmware-
NecAterm Wr7850S-
NecAterm Wr6650S Firmware-
NecAterm Wr6650S-
NecAterm Wr6600H Firmware-
NecAterm Wr6600H-
NecAterm Wr7800H Firmware-
NecAterm Wr7800H-
NecAterm Wm3400Rn Firmware-
NecAterm Wm3400Rn-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2024-28015?

CVE-2024-28015 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(...

How severe is CVE-2024-28015?

CVE-2024-28015 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-28015?

Check the references section above for vendor advisories and patch information. Affected products include: Nec Aterm Wg1800Hp4 Firmware, Nec Aterm Wg1800Hp4, Nec Aterm Wg1200Hs3 Firmware, Nec Aterm Wg1200Hs3, Nec Aterm Wg1900Hp2 Firmware.