Arbitrary Command Execution in NEC Aterm Routers and Gateways
CVE-2024-28008
9.8 CRITICAL
What is CVE-2024-28008?
A security vulnerability in various models of NEC Corporation's Aterm Routers and Gateways allows attackers to execute arbitrary operating system commands over the internet by exploiting active debug code in the affected devices. This vulnerability poses a significant risk, as unauthorized command execution could lead to further exploitation and compromise of network integrity. Users are advised to implement appropriate mitigations and stay informed about updates from NEC Corporation regarding this issue.
Affected Version(s)
CR2500P all versions
MR01LN all versions
MR02LN all versions
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Katsuhiko Sato and Ryo Kashiro of 00One, Inc. and Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University.