CRITICAL🇵🇱 Wersja polska

CVE-2024-28010

CVSS 9.8v3.1pub. 2024-03-28upd. 2025-09-29

Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.

🤖 AI Analysis
How it works

The manufacturer embedded a fixed, immutable password in the firmware that cannot be changed by the user. An attacker knowing this password can authenticate to the device without any additional privileges (PR:N) and without user interaction (UI:N). After authentication, it is possible to send a crafted request over the internet, resulting in execution of arbitrary operating system commands on the vulnerable device.

Impact

The attacker gains full control over the device — it is possible to intercept network traffic, modify configuration, install malicious software, or use the device as an entry point to the internal network (lateral movement). The consequences include breach of confidentiality, integrity, and system availability.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references (https://jpn.nec.com/security-info/secinfo/nv24-001_en.html). Until the update is implemented, it is recommended to block access to the device management panel from the internet (firewall, WAN traffic filtering) and to segment the network to limit potential consequences of compromise.

Who is affected

All firmware versions of the following NEC Corporation Aterm devices: WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE) and WG1810HP(MF) — all versions.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nec Aterm Cr2500p

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Cr2500p Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm W1200ex Ms

    HW
    Nec
    wszystkie wersje
  • Nec Aterm W1200ex Ms Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm W300p

    HW
    Nec
    wszystkie wersje
  • Nec Aterm W300p Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf1200hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf300hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wf800hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wf800hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp3

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp3 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hp Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs2

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs2 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs3

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs3 Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1200hs Firmware

    OS
    Nec
    wszystkie wersje
  • Nec Aterm Wg1400hp

    HW
    Nec
    wszystkie wersje
  • Nec Aterm Wg1400hp Firmware

    OS
    Nec
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-28011CRITICAL9.8PL ✓ten sam produkt

Ukryta funkcjonalność w routerach NEC Aterm umożliwia RCE z uprawnieniami root

CVE-2024-28009CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w NEC Aterm — zdalne wykonanie kodu jako root

CVE-2024-28008CRITICAL9.8PL ✓ten sam produkt

Active Debug Code w routerach NEC Aterm — zdalne wykonanie poleceń OS

CVE-2024-28007CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w NEC Aterm — zdalne wykonanie poleceń jako root

CVE-2024-28012CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w NEC Aterm — zdalne wykonanie kodu jako root