CVE-2024-28013

Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to change settings via the internet.

Published: 2024-03-28 Last update: 2025-09-29 Assigner: [email protected] Source: [email protected]
NVD Status:AnalyzedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2024-28013 is rated Low Risk (39/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.28%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2024-28013

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-11-21 0.21% 0.28% +0.07%
2 2025-11-18 0.28% 0.21% -0.07%
3 2025-09-30 0.28%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2024-28013

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.3 3.1 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N)
Service keeps running; no real outage angle.
 3.9 1.4 134c704f-9b21-4f2e-91b3-4a467353bcc0

Weakness enumeration for CVE-2024-28013

Affected software / configurations for CVE-2024-28013

Vendor Product Version Raw CPE
nec aterm_wg1800hp4_firmware cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1200hs3_firmware cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1900hp2_firmware cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1200hp3_firmware cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1800hp3_firmware cpe:2.3:o:nec:aterm_wg1800hp3_firmware:-:*:*:*:*:*:*:*
nec aterm_wr7850s_firmware cpe:2.3:o:nec:aterm_wr7850s_firmware:-:*:*:*:*:*:*:*
nec aterm_wr6650s_firmware cpe:2.3:o:nec:aterm_wr6650s_firmware:-:*:*:*:*:*:*:*
nec aterm_wr6600h_firmware cpe:2.3:o:nec:aterm_wr6600h_firmware:-:*:*:*:*:*:*:*
nec aterm_wr7800h_firmware cpe:2.3:o:nec:aterm_wr7800h_firmware:-:*:*:*:*:*:*:*
nec aterm_wm3400rn_firmware cpe:2.3:o:nec:aterm_wm3400rn_firmware:-:*:*:*:*:*:*:*
nec aterm_wm3450rn_firmware cpe:2.3:o:nec:aterm_wm3450rn_firmware:-:*:*:*:*:*:*:*
nec aterm_wm3500r_firmware cpe:2.3:o:nec:aterm_wm3500r_firmware:-:*:*:*:*:*:*:*
nec aterm_wm3600r_firmware cpe:2.3:o:nec:aterm_wm3600r_firmware:-:*:*:*:*:*:*:*
nec aterm_wm3800r_firmware cpe:2.3:o:nec:aterm_wm3800r_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8166n_firmware cpe:2.3:o:nec:aterm_wr8166n_firmware:-:*:*:*:*:*:*:*
nec aterm_mr01ln_firmware cpe:2.3:o:nec:aterm_mr01ln_firmware:-:*:*:*:*:*:*:*
nec aterm_mr02ln_firmware cpe:2.3:o:nec:aterm_mr02ln_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1810hp\(je\)_firmware cpe:2.3:o:nec:aterm_wg1810hp\(je\)_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1810hp\(mf\)_firmware cpe:2.3:o:nec:aterm_wg1810hp\(mf\)_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1200hs2_firmware cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1900hp_firmware cpe:2.3:o:nec:aterm_wg1900hp_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1200hp2_firmware cpe:2.3:o:nec:aterm_wg1200hp2_firmware:-:*:*:*:*:*:*:*
nec aterm_w1200ex-ms_firmware cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1200hs_firmware cpe:2.3:o:nec:aterm_wg1200hs_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1200hp_firmware cpe:2.3:o:nec:aterm_wg1200hp_firmware:-:*:*:*:*:*:*:*
nec aterm_wf300hp2_firmware cpe:2.3:o:nec:aterm_wf300hp2_firmware:-:*:*:*:*:*:*:*
nec aterm_w300p_firmware cpe:2.3:o:nec:aterm_w300p_firmware:-:*:*:*:*:*:*:*
nec aterm_wf800hp_firmware cpe:2.3:o:nec:aterm_wf800hp_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8165n_firmware cpe:2.3:o:nec:aterm_wr8165n_firmware:-:*:*:*:*:*:*:*
nec aterm_wg2200hp_firmware cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*
nec aterm_wf1200hp2_firmware cpe:2.3:o:nec:aterm_wf1200hp2_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1800hp2_firmware cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*
nec aterm_wf1200hp_firmware cpe:2.3:o:nec:aterm_wf1200hp_firmware:-:*:*:*:*:*:*:*
nec aterm_wg600hp_firmware cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*
nec aterm_wg300hp_firmware cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*
nec aterm_wf300hp_firmware cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1800hp_firmware cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*
nec aterm_wg1400hp_firmware cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8175n_firmware cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr9300n_firmware cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8750n_firmware cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8160n_firmware cpe:2.3:o:nec:aterm_wr8160n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr9500n_firmware cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8600n_firmware cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8370n_firmware cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8170n_firmware cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8700n_firmware cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8300n_firmware cpe:2.3:o:nec:aterm_wr8300n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8150n_firmware cpe:2.3:o:nec:aterm_wr8150n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr4100n_firmware cpe:2.3:o:nec:aterm_wr4100n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr4500n_firmware cpe:2.3:o:nec:aterm_wr4500n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8100n_firmware cpe:2.3:o:nec:aterm_wr8100n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8500n_firmware cpe:2.3:o:nec:aterm_wr8500n_firmware:-:*:*:*:*:*:*:*
nec aterm_cr2500p_firmware cpe:2.3:o:nec:aterm_cr2500p_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8400n_firmware cpe:2.3:o:nec:aterm_wr8400n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr8200n_firmware cpe:2.3:o:nec:aterm_wr8200n_firmware:-:*:*:*:*:*:*:*
nec aterm_wr1200h_firmware cpe:2.3:o:nec:aterm_wr1200h_firmware:-:*:*:*:*:*:*:*
nec aterm_wr7870s_firmware cpe:2.3:o:nec:aterm_wr7870s_firmware:-:*:*:*:*:*:*:*
nec aterm_wr6670s_firmware cpe:2.3:o:nec:aterm_wr6670s_firmware:-:*:*:*:*:*:*:*

References for CVE-2024-28013

cvelogic Threat Intelligence