Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-28015

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet.

Security Impact Summary

This vulnerability carries a CRITICAL severity rating with a CVSS v3.1 score of 9.8, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 118 products from nec, from nec, from nec and 115 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-03-28T01:15:47.843

Last Modified

2025-09-29T12:59:48.487

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	nec	aterm_wg1800hp4_firmware	-	Yes
Hardware	nec	aterm_wg1800hp4	-	No
Operating System	nec	aterm_wg1200hs3_firmware	-	Yes
Hardware	nec	aterm_wg1200hs3	-	No
Operating System	nec	aterm_wg1900hp2_firmware	-	Yes
Hardware	nec	aterm_wg1900hp2	-	No
Operating System	nec	aterm_wg1200hp3_firmware	-	Yes
Hardware	nec	aterm_wg1200hp3	-	No
Operating System	nec	aterm_wg1800hp3_firmware	-	Yes
Hardware	nec	aterm_wg1800hp3	-	No
Operating System	nec	aterm_wr7850s_firmware	-	Yes
Hardware	nec	aterm_wr7850s	-	No
Operating System	nec	aterm_wr6650s_firmware	-	Yes
Hardware	nec	aterm_wr6650s	-	No
Operating System	nec	aterm_wr6600h_firmware	-	Yes
Hardware	nec	aterm_wr6600h	-	No
Operating System	nec	aterm_wr7800h_firmware	-	Yes
Hardware	nec	aterm_wr7800h	-	No
Operating System	nec	aterm_wm3400rn_firmware	-	Yes
Hardware	nec	aterm_wm3400rn	-	No
Operating System	nec	aterm_wm3450rn_firmware	-	Yes
Hardware	nec	aterm_wm3450rn	-	No
Operating System	nec	aterm_wm3500r_firmware	-	Yes
Hardware	nec	aterm_wm3500r	-	No
Operating System	nec	aterm_wm3600r_firmware	-	Yes
Hardware	nec	aterm_wm3600r	-	No
Operating System	nec	aterm_wm3800r_firmware	-	Yes
Hardware	nec	aterm_wm3800r	-	No
Operating System	nec	aterm_wr8166n_firmware	-	Yes
Hardware	nec	aterm_wr8166n	-	No
Operating System	nec	aterm_mr01ln_firmware	-	Yes
Hardware	nec	aterm_mr01ln	-	No
Operating System	nec	aterm_mr02ln_firmware	-	Yes
Hardware	nec	aterm_mr02ln	-	No
Operating System	nec	aterm_wg1810hp\(je\)_firmware	-	Yes
Hardware	nec	aterm_wg1810hp\(je\)	-	No
Operating System	nec	aterm_wg1810hp\(mf\)_firmware	-	Yes
Hardware	nec	aterm_wg1810hp\(mf\)	-	No
Operating System	nec	aterm_wg1200hs2_firmware	-	Yes
Hardware	nec	aterm_wg1200hs2	-	No
Operating System	nec	aterm_wg1900hp_firmware	-	Yes
Hardware	nec	aterm_wg1900hp	-	No
Operating System	nec	aterm_wg1200hp2_firmware	-	Yes
Hardware	nec	aterm_wg1200hp2	-	No
Operating System	nec	aterm_w1200ex-ms_firmware	-	Yes
Hardware	nec	aterm_w1200ex-ms	-	No
Operating System	nec	aterm_wg1200hs_firmware	-	Yes
Hardware	nec	aterm_wg1200hs	-	No
Operating System	nec	aterm_wg1200hp_firmware	-	Yes
Hardware	nec	aterm_wg1200hp	-	No
Operating System	nec	aterm_wf300hp2_firmware	-	Yes
Hardware	nec	aterm_wf300hp2	-	No
Operating System	nec	aterm_w300p_firmware	-	Yes
Hardware	nec	aterm_w300p	-	No
Operating System	nec	aterm_wf800hp_firmware	-	Yes
Hardware	nec	aterm_wf800hp	-	No
Operating System	nec	aterm_wr8165n_firmware	-	Yes
Hardware	nec	aterm_wr8165n	-	No
Operating System	nec	aterm_wg2200hp_firmware	-	Yes
Hardware	nec	aterm_wg2200hp	-	No
Operating System	nec	aterm_wf1200hp2_firmware	-	Yes
Hardware	nec	aterm_wf1200hp2	-	No
Operating System	nec	aterm_wg1800hp2_firmware	-	Yes
Hardware	nec	aterm_wg1800hp2	-	No
Operating System	nec	aterm_wf1200hp_firmware	-	Yes
Hardware	nec	aterm_wf1200hp	-	No
Operating System	nec	aterm_wg600hp_firmware	-	Yes
Hardware	nec	aterm_wg600hp	-	No
Operating System	nec	aterm_wg300hp_firmware	-	Yes
Hardware	nec	aterm_wg300hp	-	No
Operating System	nec	aterm_wf300hp_firmware	-	Yes
Hardware	nec	aterm_wf300hp	-	No
Operating System	nec	aterm_wg1800hp_firmware	-	Yes
Hardware	nec	aterm_wg1800hp	-	No
Operating System	nec	aterm_wg1400hp_firmware	-	Yes
Hardware	nec	aterm_wg1400hp	-	No
Operating System	nec	aterm_wr8175n_firmware	-	Yes
Hardware	nec	aterm_wr8175n	-	No
Operating System	nec	aterm_wr9300n_firmware	-	Yes
Hardware	nec	aterm_wr9300n	-	No
Operating System	nec	aterm_wr8750n_firmware	-	Yes
Hardware	nec	aterm_wr8750n	-	No
Operating System	nec	aterm_wr8160n_firmware	-	Yes
Hardware	nec	aterm_wr8160n	-	No
Operating System	nec	aterm_wr9500n_firmware	-	Yes
Hardware	nec	aterm_wr9500n	-	No
Operating System	nec	aterm_wr8600n_firmware	-	Yes
Hardware	nec	aterm_wr8600n	-	No
Operating System	nec	aterm_wr8370n_firmware	-	Yes
Hardware	nec	aterm_wr8370n	-	No
Operating System	nec	aterm_wr8170n_firmware	-	Yes
Hardware	nec	aterm_wr8170n	-	No
Operating System	nec	aterm_wr8700n_firmware	-	Yes
Hardware	nec	aterm_wr8700n	-	No
Operating System	nec	aterm_wr8300n_firmware	-	Yes
Hardware	nec	aterm_wr8300n	-	No
Operating System	nec	aterm_wr8150n_firmware	-	Yes
Hardware	nec	aterm_wr8150n	-	No
Operating System	nec	aterm_wr4100n_firmware	-	Yes
Hardware	nec	aterm_wr4100n	-	No
Operating System	nec	aterm_wr4500n_firmware	-	Yes
Hardware	nec	aterm_wr4500n	-	No
Operating System	nec	aterm_wr8100n_firmware	-	Yes
Hardware	nec	aterm_wr8100n	-	No
Operating System	nec	aterm_wr8500n_firmware	-	Yes
Hardware	nec	aterm_wr8500n	-	No
Operating System	nec	aterm_cr2500p_firmware	-	Yes
Hardware	nec	aterm_cr2500p	-	No
Operating System	nec	aterm_wr8400n_firmware	-	Yes
Hardware	nec	aterm_wr8400n	-	No
Operating System	nec	aterm_wr8200n_firmware	-	Yes
Hardware	nec	aterm_wr8200n	-	No
Operating System	nec	aterm_wr1200h_firmware	-	Yes
Hardware	nec	aterm_wr1200h	-	No
Operating System	nec	aterm_wr7870s_firmware	-	Yes
Hardware	nec	aterm_wr7870s	-	No
Operating System	nec	aterm_wr6670s_firmware	-	Yes
Hardware	nec	aterm_wr6670s	-	No

References

https://jpn.nec.com/security-info/secinfo/nv24-001_en.html Vendor Advisory ([email protected])
https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For nec's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.