Improper Authentication Flaw in NEC Corporation Aterm Wireless Routers
CVE-2024-28012

Currently unrated

Key Information:

Vendor: Nec Corporation
Status: Wg1800HP4; Wg1200hs3; Wg1900HP2; Wg1200HP3
Vendor: CVE Published:; 28 March 2024

🔔 Create Nec Corporation Vulnerability Alert

What is CVE-2024-28012?

A vulnerability exists in various Aterm wireless routers from NEC Corporation that allows remote attackers to execute arbitrary commands with root privileges. This is due to an improper authentication flaw in the affected devices, enabling unauthorized access via the internet. Affected devices include a wide range of models, and users are strongly advised to implement the recommended security updates from NEC to mitigate any potential risks associated with this vulnerability.

Affected Version(s)

CR2500P all versions

MR01LN all versions

MR02LN all versions

References

https://jpn.nec.com/security-info/secinfo/nv24-001_en.html

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Feb 29, 2024

Credit

Katsuhiko Sato and Ryo Kashiro of 00One, Inc.