OS Command Injection in NEC Corporation products - CVE-2024-28015
Published: April 5, 2024
Vulnerability identifier: #VU88169
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-28015
CWE-ID: CWE-78
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Aterm CR2500P
Aterm MR01LN
Aterm MR02LN
Aterm W300P
Aterm W1200EX(-MS)
Aterm WF300HP
Aterm WF300HP2
Aterm WF1200HP
Aterm WF1200HP2
Aterm WG300HP
Aterm WG600HP
Aterm WG1200HP
Aterm WG1200HP2
Aterm WG1200HP3
Aterm WG1200HS
Aterm WG1200HS2
Aterm WG1200HS3
Aterm WG1400HP
Aterm WG1800HP
Aterm WG1800HP2
Aterm WG1800HP3
Aterm WG1800HP4
Aterm WG1810HP(JE)
Aterm WG1810HP(MF)
Aterm WG1900HP
Aterm WG1900HP2
Aterm WG2200HP
Aterm WM3400RN
Aterm WM3450RN
Aterm WM3500R
Aterm WM3600R
Aterm WM3800R
Aterm WR1200H
Aterm WR4100N
Aterm WR4500N
Aterm WR6600H
Aterm WR6650S
Aterm WR6670S
Aterm WR7800H
Aterm WR7850S
Aterm WR7870S
Aterm WR8100N
Aterm WR8150N
Aterm WR8160N
Aterm WR8165N
Aterm WR8166N
Aterm WR8170N
Aterm WR8175N
Aterm WR8200N
Aterm WR8300N
Aterm WR8370N
Aterm WR8400N
Aterm WR8500N
Aterm WR8600N
Aterm WR8700N
Aterm WR8750N
Aterm WR9300N
Aterm WR9500N
Aterm WF800HP
Aterm CR2500P
Aterm MR01LN
Aterm MR02LN
Aterm W300P
Aterm W1200EX(-MS)
Aterm WF300HP
Aterm WF300HP2
Aterm WF1200HP
Aterm WF1200HP2
Aterm WG300HP
Aterm WG600HP
Aterm WG1200HP
Aterm WG1200HP2
Aterm WG1200HP3
Aterm WG1200HS
Aterm WG1200HS2
Aterm WG1200HS3
Aterm WG1400HP
Aterm WG1800HP
Aterm WG1800HP2
Aterm WG1800HP3
Aterm WG1800HP4
Aterm WG1810HP(JE)
Aterm WG1810HP(MF)
Aterm WG1900HP
Aterm WG1900HP2
Aterm WG2200HP
Aterm WM3400RN
Aterm WM3450RN
Aterm WM3500R
Aterm WM3600R
Aterm WM3800R
Aterm WR1200H
Aterm WR4100N
Aterm WR4500N
Aterm WR6600H
Aterm WR6650S
Aterm WR6670S
Aterm WR7800H
Aterm WR7850S
Aterm WR7870S
Aterm WR8100N
Aterm WR8150N
Aterm WR8160N
Aterm WR8165N
Aterm WR8166N
Aterm WR8170N
Aterm WR8175N
Aterm WR8200N
Aterm WR8300N
Aterm WR8370N
Aterm WR8400N
Aterm WR8500N
Aterm WR8600N
Aterm WR8700N
Aterm WR8750N
Aterm WR9300N
Aterm WR9500N
Aterm WF800HP
Software vendor:
NEC Corporation
NEC Corporation
Description
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the web management console. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.