CVE-2024-28010

CRITICAL
Published Mar 28, 2024 Modified Sep 29, 2025 CWE-259

Description

Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-259 CWE-259

Affected Products

Vendor Product
nec aterm_wg1800hp4_firmware
nec aterm_wg1800hp4
nec aterm_wg1200hs3_firmware
nec aterm_wg1200hs3
nec aterm_wg1900hp2_firmware
nec aterm_wg1900hp2
nec aterm_wg1200hp3_firmware
nec aterm_wg1200hp3
nec aterm_wg1800hp3_firmware
nec aterm_wg1800hp3
nec aterm_wg1200hs2_firmware
nec aterm_wg1200hs2
nec aterm_wg1900hp_firmware
nec aterm_wg1900hp
nec aterm_wg1200hp2_firmware
nec aterm_wg1200hp2
nec aterm_w1200ex-ms_firmware
nec aterm_w1200ex-ms
nec aterm_wg1200hs_firmware
nec aterm_wg1200hs
nec aterm_wg1200hp_firmware
nec aterm_wg1200hp
nec aterm_wf300hp2_firmware
nec aterm_wf300hp2
nec aterm_w300p_firmware
nec aterm_w300p
nec aterm_wf800hp_firmware
nec aterm_wf800hp
nec aterm_wr8165n_firmware
nec aterm_wr8165n
nec aterm_wg2200hp_firmware
nec aterm_wg2200hp
nec aterm_wf1200hp2_firmware
nec aterm_wf1200hp2
nec aterm_wg1800hp2_firmware
nec aterm_wg1800hp2
nec aterm_wf1200hp_firmware
nec aterm_wf1200hp
nec aterm_wg600hp_firmware
nec aterm_wg600hp
nec aterm_wg300hp_firmware
nec aterm_wg300hp
nec aterm_wf300hp_firmware
nec aterm_wf300hp
nec aterm_wg1800hp_firmware
nec aterm_wg1800hp
nec aterm_wg1400hp_firmware
nec aterm_wg1400hp
nec aterm_wr8175n_firmware
nec aterm_wr8175n
nec aterm_wr9300n_firmware
nec aterm_wr9300n
nec aterm_wr8750n_firmware
nec aterm_wr8750n
nec aterm_wr8160n_firmware
nec aterm_wr8160n
nec aterm_wr9500n_firmware
nec aterm_wr9500n
nec aterm_wr8600n_firmware
nec aterm_wr8600n
nec aterm_wr8370n_firmware
nec aterm_wr8370n
nec aterm_wr8170n_firmware
nec aterm_wr8170n
nec aterm_wr8700n_firmware
nec aterm_wr8700n
nec aterm_wr8300n_firmware
nec aterm_wr8300n
nec aterm_wr8150n_firmware
nec aterm_wr8150n
nec aterm_wr4100n_firmware
nec aterm_wr4100n
nec aterm_wr4500n_firmware
nec aterm_wr4500n
nec aterm_wr8100n_firmware
nec aterm_wr8100n
nec aterm_wr8500n_firmware
nec aterm_wr8500n
nec aterm_cr2500p_firmware
nec aterm_cr2500p
nec aterm_wr8400n_firmware
nec aterm_wr8400n
nec aterm_wr8200n_firmware
nec aterm_wr8200n
nec aterm_wr1200h_firmware
nec aterm_wr1200h
nec aterm_wr7870s_firmware
nec aterm_wr7870s
nec aterm_wr6670s_firmware
nec aterm_wr6670s
nec aterm_wr7850s_firmware
nec aterm_wr7850s
nec aterm_wr6650s_firmware
nec aterm_wr6650s
nec aterm_wr6600h_firmware
nec aterm_wr6600h
nec aterm_wr7800h_firmware
nec aterm_wr7800h
nec aterm_wm3400rn_firmware
nec aterm_wm3400rn
nec aterm_wm3450rn_firmware
nec aterm_wm3450rn
nec aterm_wm3500r_firmware
nec aterm_wm3500r
nec aterm_wm3600r_firmware
nec aterm_wm3600r
nec aterm_wm3800r_firmware
nec aterm_wm3800r
nec aterm_wr8166n_firmware
nec aterm_wr8166n
nec aterm_mr01ln_firmware
nec aterm_mr01ln
nec aterm_mr02ln_firmware
nec aterm_mr02ln
nec aterm_wg1810hp\(je\)_firmware
nec aterm_wg1810hp\(je\)
nec aterm_wg1810hp\(mf\)_firmware
nec aterm_wg1810hp\(mf\)

References

Frequently Asked Questions

What is CVE-2024-28010? +
Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2024-28010? +
CVE-2024-28010 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2024-28010? +
CVE-2024-28010 affects products from nec, specifically: aterm_cr2500p, aterm_cr2500p_firmware, aterm_mr01ln, aterm_mr01ln_firmware, aterm_mr02ln, aterm_mr02ln_firmware, aterm_w1200ex-ms, aterm_w1200ex-ms_firmware, aterm_w300p, aterm_w300p_firmware, aterm_wf1200hp, aterm_wf1200hp2, aterm_wf1200hp2_firmware, aterm_wf1200hp_firmware, aterm_wf300hp, aterm_wf300hp2, aterm_wf300hp2_firmware, aterm_wf300hp_firmware, aterm_wf800hp, aterm_wf800hp_firmware, aterm_wg1200hp, aterm_wg1200hp2, aterm_wg1200hp2_firmware, aterm_wg1200hp3, aterm_wg1200hp3_firmware, aterm_wg1200hp_firmware, aterm_wg1200hs, aterm_wg1200hs2, aterm_wg1200hs2_firmware, aterm_wg1200hs3, aterm_wg1200hs3_firmware, aterm_wg1200hs_firmware, aterm_wg1400hp, aterm_wg1400hp_firmware, aterm_wg1800hp, aterm_wg1800hp2, aterm_wg1800hp2_firmware, aterm_wg1800hp3, aterm_wg1800hp3_firmware, aterm_wg1800hp4, aterm_wg1800hp4_firmware, aterm_wg1800hp_firmware, aterm_wg1810hp\(je\), aterm_wg1810hp\(je\)_firmware, aterm_wg1810hp\(mf\), aterm_wg1810hp\(mf\)_firmware, aterm_wg1900hp, aterm_wg1900hp2, aterm_wg1900hp2_firmware, aterm_wg1900hp_firmware, aterm_wg2200hp, aterm_wg2200hp_firmware, aterm_wg300hp, aterm_wg300hp_firmware, aterm_wg600hp, aterm_wg600hp_firmware, aterm_wm3400rn, aterm_wm3400rn_firmware, aterm_wm3450rn, aterm_wm3450rn_firmware, aterm_wm3500r, aterm_wm3500r_firmware, aterm_wm3600r, aterm_wm3600r_firmware, aterm_wm3800r, aterm_wm3800r_firmware, aterm_wr1200h, aterm_wr1200h_firmware, aterm_wr4100n, aterm_wr4100n_firmware, aterm_wr4500n, aterm_wr4500n_firmware, aterm_wr6600h, aterm_wr6600h_firmware, aterm_wr6650s, aterm_wr6650s_firmware, aterm_wr6670s, aterm_wr6670s_firmware, aterm_wr7800h, aterm_wr7800h_firmware, aterm_wr7850s, aterm_wr7850s_firmware, aterm_wr7870s, aterm_wr7870s_firmware, aterm_wr8100n, aterm_wr8100n_firmware, aterm_wr8150n, aterm_wr8150n_firmware, aterm_wr8160n, aterm_wr8160n_firmware, aterm_wr8165n, aterm_wr8165n_firmware, aterm_wr8166n, aterm_wr8166n_firmware, aterm_wr8170n, aterm_wr8170n_firmware, aterm_wr8175n, aterm_wr8175n_firmware, aterm_wr8200n, aterm_wr8200n_firmware, aterm_wr8300n, aterm_wr8300n_firmware, aterm_wr8370n, aterm_wr8370n_firmware, aterm_wr8400n, aterm_wr8400n_firmware, aterm_wr8500n, aterm_wr8500n_firmware, aterm_wr8600n, aterm_wr8600n_firmware, aterm_wr8700n, aterm_wr8700n_firmware, aterm_wr8750n, aterm_wr8750n_firmware, aterm_wr9300n, aterm_wr9300n_firmware, aterm_wr9500n, aterm_wr9500n_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-28010? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-3920

A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond …
CVE-2024-32741 10.0

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password …
CVE-2025-20286 9.9

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services …
CVE-2025-11126 9.8

A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The …
CVE-2023-37231 9.8

Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.
CVE-2024-42639 9.8

H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root.

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-28010 — free, no signup required.

Start Free Scan