ГлавнаяУязвимости → CVE-2024-28015
9.8критическая

CVE-2024-28015

Описание

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

Затрагиваемое ПО
Nec Aterm wg1800hp4 firmwareNec Aterm wg1800hp4Nec Aterm wg1200hs3 firmwareNec Aterm wg1200hs3Nec Aterm wg1900hp2 firmwareNec Aterm wg1900hp2Nec Aterm wg1200hp3 firmwareNec Aterm wg1200hp3Nec Aterm wg1800hp3 firmwareNec Aterm wg1800hp3Nec Aterm wr7850s firmwareNec Aterm wr7850sNec Aterm wr6650s firmwareNec Aterm wr6650sNec Aterm wr6600h firmwareNec Aterm wr6600hNec Aterm wr7800h firmwareNec Aterm wr7800hNec Aterm wm3400rn firmwareNec Aterm wm3400rnNec Aterm wm3450rn firmwareNec Aterm wm3450rnNec Aterm wm3500r firmwareNec Aterm wm3500rNec Aterm wm3600r firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://jpn.nec.com/security-info/secinfo/nv24-001_en.htmlhttps://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html