CVE-2024-28008

Summary

Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.

Affected Software

VendorProductVersion RangeStatus
NEC CorporationWG1800HP4all versionsaffected
NEC CorporationWG1200HS3all versionsaffected
NEC CorporationWG1900HP2all versionsaffected
NEC CorporationWG1200HP3all versionsaffected
NEC CorporationWG1800HP3all versionsaffected
NEC CorporationWG1200HS2all versionsaffected
NEC CorporationWG1900HPall versionsaffected
NEC CorporationWG1200HP2all versionsaffected
NEC CorporationW1200EX(-MS)all versionsaffected
NEC CorporationWG1200HSall versionsaffected
NEC CorporationWG1200HPall versionsaffected
NEC CorporationWF300HP2all versionsaffected
NEC CorporationW300Pall versionsaffected
NEC CorporationWF800HPall versionsaffected
NEC CorporationWR8165Nall versionsaffected
NEC CorporationWG2200HPall versionsaffected
NEC CorporationWF1200HP2all versionsaffected
NEC CorporationWG1800HP2all versionsaffected
NEC CorporationWF1200HPall versionsaffected
NEC CorporationWG600HPall versionsaffected
NEC CorporationWG300HPall versionsaffected
NEC CorporationWF300HPall versionsaffected
NEC CorporationWG1800HPall versionsaffected
NEC CorporationWG1400HPall versionsaffected
NEC CorporationWR8175Nall versionsaffected
NEC CorporationWR9300Nall versionsaffected
NEC CorporationWR8750Nall versionsaffected
NEC CorporationWR8160Nall versionsaffected
NEC CorporationWR9500Nall versionsaffected
NEC CorporationWR8600Nall versionsaffected
NEC CorporationWR8370Nall versionsaffected
NEC CorporationWR8170Nall versionsaffected
NEC CorporationWR8700Nall versionsaffected
NEC CorporationWR8300Nall versionsaffected
NEC CorporationWR8150Nall versionsaffected
NEC CorporationWR4100Nall versionsaffected
NEC CorporationWR4500Nall versionsaffected
NEC CorporationWR8100Nall versionsaffected
NEC CorporationWR8500Nall versionsaffected
NEC CorporationCR2500Pall versionsaffected
NEC CorporationWR8400Nall versionsaffected
NEC CorporationWR8200Nall versionsaffected
NEC CorporationWR1200Hall versionsaffected
NEC CorporationWR7870Sall versionsaffected
NEC CorporationWR6670Sall versionsaffected
NEC CorporationWR7850Sall versionsaffected
NEC CorporationWR6650Sall versionsaffected
NEC CorporationWR6600Hall versionsaffected
NEC CorporationWR7800Hall versionsaffected
NEC CorporationWM3400RNall versionsaffected
NEC CorporationWM3450RNall versionsaffected
NEC CorporationWM3500Rall versionsaffected
NEC CorporationWM3600Rall versionsaffected
NEC CorporationWM3800Rall versionsaffected
NEC CorporationWR8166Nall versionsaffected
NEC CorporationMR01LNall versionsaffected
NEC CorporationMR02LNall versionsaffected
NEC CorporationWG1810HP(JE)all versionsaffected
NEC CorporationWG1810HP(MF)all versionsaffected

Weaknesses

  • CWE-489: CWE-489: Active Debug Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References