Arbitrary Script Execution Vulnerability in Aterm Products by NEC
CVE-2024-28005

4.7MEDIUM

Key Information:

Vendor: Nec Corporation
Status: Wg1800HP4; Wg1200hs3; Wg1900HP2; Wg1200HP3
Vendor: CVE Published:; 28 March 2024

🔔 Create Nec Corporation Vulnerability Alert

What is CVE-2024-28005?

The arbitrary script execution vulnerability in various Aterm products by NEC allows attackers with high privileges to execute arbitrary scripts. This can lead to unauthorized access and control over affected devices. Security measures are crucial to mitigate the risk associated with this vulnerability. Users are advised to apply available patches and update their devices promptly.

Affected Version(s)

CR2500P all versions

MR01LN all versions

MR02LN all versions

References

https://jpn.nec.com/security-info/secinfo/nv24-001_en.html

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Feb 29, 2024

Credit

Katsuhiko Sato and Ryo Kashiro of 00One, Inc. and Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University.