Description
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.
Reserved 2024-02-29 | Published 2024-03-28 | Updated 2024-08-02 | Assigner
NECProblem types
CWE-259: Use of Hard-coded Password
Product status
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Default status
unknown
all versions
affected
Credits
Katsuhiko Sato and Ryo Kashiro of 00One, Inc. reporter
References
https//jpn.nec.com/security-info/secinfo/nv24-001_en.html
cve.org (CVE-2024-28010)
nvd.nist.gov (CVE-2024-28010)
Download JSON
