9.8

CVE-2024-28015

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NecAterm Wg1800hp4 Firmware Version-
   NecAterm Wg1800hp4 Version-
NecAterm Wg1200hs3 Firmware Version-
   NecAterm Wg1200hs3 Version-
NecAterm Wg1900hp2 Firmware Version-
   NecAterm Wg1900hp2 Version-
NecAterm Wg1200hp3 Firmware Version-
   NecAterm Wg1200hp3 Version-
NecAterm Wg1800hp3 Firmware Version-
   NecAterm Wg1800hp3 Version-
NecAterm Wr7850s Firmware Version-
   NecAterm Wr7850s Version-
NecAterm Wr6650s Firmware Version-
   NecAterm Wr6650s Version-
NecAterm Wr6600h Firmware Version-
   NecAterm Wr6600h Version-
NecAterm Wr7800h Firmware Version-
   NecAterm Wr7800h Version-
NecAterm Wm3400rn Firmware Version-
   NecAterm Wm3400rn Version-
NecAterm Wm3450rn Firmware Version-
   NecAterm Wm3450rn Version-
NecAterm Wm3500r Firmware Version-
   NecAterm Wm3500r Version-
NecAterm Wm3600r Firmware Version-
   NecAterm Wm3600r Version-
NecAterm Wm3800r Firmware Version-
   NecAterm Wm3800r Version-
NecAterm Wr8166n Firmware Version-
   NecAterm Wr8166n Version-
NecAterm Mr01ln Firmware Version-
   NecAterm Mr01ln Version-
NecAterm Mr02ln Firmware Version-
   NecAterm Mr02ln Version-
NecAterm Wg1810hp(je) Firmware Version-
   NecAterm Wg1810hp(je) Version-
NecAterm Wg1810hp(mf) Firmware Version-
   NecAterm Wg1810hp(mf) Version-
NecAterm Wg1200hs2 Firmware Version-
   NecAterm Wg1200hs2 Version-
NecAterm Wg1900hp Firmware Version-
   NecAterm Wg1900hp Version-
NecAterm Wg1200hp2 Firmware Version-
   NecAterm Wg1200hp2 Version-
NecAterm W1200ex-ms Firmware Version-
   NecAterm W1200ex-ms Version-
NecAterm Wg1200hs Firmware Version-
   NecAterm Wg1200hs Version-
NecAterm Wg1200hp Firmware Version-
   NecAterm Wg1200hp Version-
NecAterm Wf300hp2 Firmware Version-
   NecAterm Wf300hp2 Version-
NecAterm W300p Firmware Version-
   NecAterm W300p Version-
NecAterm Wf800hp Firmware Version-
   NecAterm Wf800hp Version-
NecAterm Wr8165n Firmware Version-
   NecAterm Wr8165n Version-
NecAterm Wg2200hp Firmware Version-
   NecAterm Wg2200hp Version-
NecAterm Wf1200hp2 Firmware Version-
   NecAterm Wf1200hp2 Version-
NecAterm Wg1800hp2 Firmware Version-
   NecAterm Wg1800hp2 Version-
NecAterm Wf1200hp Firmware Version-
   NecAterm Wf1200hp Version-
NecAterm Wg600hp Firmware Version-
   NecAterm Wg600hp Version-
NecAterm Wg300hp Firmware Version-
   NecAterm Wg300hp Version-
NecAterm Wf300hp Firmware Version-
   NecAterm Wf300hp Version-
NecAterm Wg1800hp Firmware Version-
   NecAterm Wg1800hp Version-
NecAterm Wg1400hp Firmware Version-
   NecAterm Wg1400hp Version-
NecAterm Wr8175n Firmware Version-
   NecAterm Wr8175n Version-
NecAterm Wr9300n Firmware Version-
   NecAterm Wr9300n Version-
NecAterm Wr8750n Firmware Version-
   NecAterm Wr8750n Version-
NecAterm Wr8160n Firmware Version-
   NecAterm Wr8160n Version-
NecAterm Wr9500n Firmware Version-
   NecAterm Wr9500n Version-
NecAterm Wr8600n Firmware Version-
   NecAterm Wr8600n Version-
NecAterm Wr8370n Firmware Version-
   NecAterm Wr8370n Version-
NecAterm Wr8170n Firmware Version-
   NecAterm Wr8170n Version-
NecAterm Wr8700n Firmware Version-
   NecAterm Wr8700n Version-
NecAterm Wr8300n Firmware Version-
   NecAterm Wr8300n Version-
NecAterm Wr8150n Firmware Version-
   NecAterm Wr8150n Version-
NecAterm Wr4100n Firmware Version-
   NecAterm Wr4100n Version-
NecAterm Wr4500n Firmware Version-
   NecAterm Wr4500n Version-
NecAterm Wr8100n Firmware Version-
   NecAterm Wr8100n Version-
NecAterm Wr8500n Firmware Version-
   NecAterm Wr8500n Version-
NecAterm Cr2500p Firmware Version-
   NecAterm Cr2500p Version-
NecAterm Wr8400n Firmware Version-
   NecAterm Wr8400n Version-
NecAterm Wr8200n Firmware Version-
   NecAterm Wr8200n Version-
NecAterm Wr1200h Firmware Version-
   NecAterm Wr1200h Version-
NecAterm Wr7870s Firmware Version-
   NecAterm Wr7870s Version-
NecAterm Wr6670s Firmware Version-
   NecAterm Wr6670s Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.79% 0.731
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.