ГлавнаяУязвимости → CVE-2024-28007
9.8критическая

CVE-2024-28007

Описание

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary command with the root privilege via the internet.

Затрагиваемое ПО
Nec Aterm wg1800hp4 firmwareNec Aterm wg1800hp4Nec Aterm wg1200hs3 firmwareNec Aterm wg1200hs3Nec Aterm wr8750n firmwareNec Aterm wr8750nNec Aterm wr8160n firmwareNec Aterm wr8160nNec Aterm wr9500n firmwareNec Aterm wr9500nNec Aterm wr8600n firmwareNec Aterm wr8600nNec Aterm wr8370n firmwareNec Aterm wr8370nNec Aterm wr8170n firmwareNec Aterm wr8170nNec Aterm wr8700n firmwareNec Aterm wr8700nNec Aterm wr8300n firmwareNec Aterm wr8300nNec Aterm wr8150n firmwareNec Aterm wr8150nNec Aterm wr4100n firmwareNec Aterm wr4100nNec Aterm wr4500n firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://jpn.nec.com/security-info/secinfo/nv24-001_en.htmlhttps://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html