ID

VAR-202403-1178


CVE

CVE-2024-28007


TITLE

NEC Aterm Multiple vulnerabilities in series

Trust: 0.8

sources: JVNDB: JVNDB-2024-000037

DESCRIPTION

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet. None

Trust: 1.62

sources: NVD: CVE-2024-28007 // JVNDB: JVNDB-2024-000037

AFFECTED PRODUCTS

vendor:日本電気model:aterm wg1810hpscope: - version: -

Trust: 1.6

vendor:日本電気model:aterm wm3600rscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr6600hscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wf300hp2scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1200hp3scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm cr2500pscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr1200hscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8170nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr4500nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wf1200hp2scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm mr01lnscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr4100nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1400hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm w300pscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr7800hscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg300hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wf800hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8400nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8175nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm mr02lnscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8370nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1200hs2scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8100nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1200hsscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wm3800rscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1800hp3scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wm3500rscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8200nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr6670sscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wf1200hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr7850sscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8600nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8500nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8700nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1200hs3scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg600hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1800hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr7870sscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1800hp4scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1900hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg2200hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1200hp2scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8150nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8750nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr6650sscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1800hp2scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8166nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1900hp2scope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr9500nscope:eqversion: -

Trust: 0.8

vendor:日本電気model:aterm wm3400rnscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8165nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8300nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr8160nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wr9300nscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm w1200exscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wg1200hpscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wm3450rnscope: - version: -

Trust: 0.8

vendor:日本電気model:aterm wf300hpscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-000037

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-28007
value: CRITICAL

Trust: 1.0

IPA: JVNDB-2024-000037
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-28007
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2024-000037
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-000037 // NVD: CVE-2024-28007

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:OS Command injection (CWE-78) [IPA evaluation ]

Trust: 0.8

problemtype: Buffer error (CWE-119) [IPA evaluation ]

Trust: 0.8

problemtype: information leak (CWE-200) [IPA evaluation ]

Trust: 0.8

problemtype: Inappropriate authentication (CWE-287) [IPA evaluation ]

Trust: 0.8

problemtype: others (CWE-Other) [IPA evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-000037 // NVD: CVE-2024-28007

PATCH

title:Information from NEC Corporation NEC Product security informationurl:https://jvn.jp/jp/JVN82074338/6443/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2024-000037

EXTERNAL IDS

db:NVDid:CVE-2024-28007

Trust: 1.8

db:JVNid:JVN82074338

Trust: 0.8

db:JVNDBid:JVNDB-2024-000037

Trust: 0.8

sources: JVNDB: JVNDB-2024-000037 // NVD: CVE-2024-28007

REFERENCES

url:https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html

Trust: 1.0

url:https://jvn.jp/jp/jvn82074338/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2024-000037 // NVD: CVE-2024-28007

SOURCES

db:JVNDBid:JVNDB-2024-000037
db:NVDid:CVE-2024-28007

LAST UPDATE DATE

2024-08-14T13:19:19.208000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-000037date:2024-04-05T03:20:00
db:NVDid:CVE-2024-28007date:2024-08-01T13:48:55.777

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-000037date:2024-04-05T00:00:00
db:NVDid:CVE-2024-28007date:2024-03-28T01:15:47.250