CVE-2024-28014 in WG1800HP4

Summary

by MITRE • 03/28/2024

Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN and MR02LN all versions allows an attacker to execute an arbitrary command via the internet.

Analysis

by VulDB Data Team • 08/23/2024

This stack-based buffer overflow vulnerability exists in multiple NEC Corporation wireless router models, including the Aterm WG1800HP4, WG1200HS3, and numerous other variants. The flaw occurs when the device processes input data that exceeds the allocated stack buffer space, so that adjacent memory locations can be overwritten. This type of vulnerability falls under CWE-121 Stack-based Buffer Overflow, which represents one of the most common and dangerous classes of software vulnerabilities. The vulnerability affects a broad range of NEC wireless networking equipment that shares similar firmware architectures and input handling mechanisms.

Attackers can exploit the buffer overflow condition through internet-based communication channels. When the affected routers process malicious input, particularly in network configuration or administrative interfaces, the excess data overflows into adjacent stack memory regions. This overflow can overwrite return addresses, function pointers, and other critical control data, enabling attackers to manipulate program execution flow. The attack vector specifically targets internet-facing services that handle user input, making these devices particularly vulnerable when exposed to untrusted network traffic.

The operational impact of this vulnerability extends beyond simple denial of service conditions, as it provides attackers with the capability to execute arbitrary code on affected devices. This represents a critical security risk for network infrastructure, as successful exploitation could allow attackers to gain full administrative control over the affected routers. Once compromised, these devices could be used as entry points for lateral movement within networks, to establish persistent backdoors, or to redirect network traffic for man-in-the-middle attacks. The vulnerability affects enterprise and residential networks alike, potentially compromising thousands of devices simultaneously due to the widespread deployment of these NEC router models.

Organizations should implement immediate mitigations including firmware updates from NEC Corporation, network segmentation to isolate affected devices, and monitoring for suspicious network activity. The vulnerability demonstrates the importance of proper input validation and memory management practices in embedded systems, aligning with ATT&CK technique T1059.007 for Command and Scripting Interpreter. Network administrators should also consider disabling unnecessary internet-facing services and implementing intrusion detection systems to monitor for exploitation attempts. Given the scope of affected models, comprehensive inventory management and coordinated patching efforts are essential to prevent widespread compromise across affected deployments.
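
The inventory step recommended above can be sketched as follows. This is an added example, not code from VulDB, MITRE or NEC: it flags asset records that name a model from this page's affected list, matching whole tokens so that a longer model name is not mistaken for a listed shorter one. The asset IDs, descriptions and the `WG1200HP9` string are constructed.

```python
import re

# Model names copied from the CVE-2024-28014 summary on this page (all
# versions). "W1200EX(-MS)" is stored as W1200EX; see match_models().
AFFECTED = frozenset("""
WG1800HP4 WG1200HS3 WG1900HP2 WG1200HP3 WG1800HP3 WG1200HS2 WG1900HP
WG1200HP2 W1200EX WG1200HS WG1200HP WF300HP2 W300P WF800HP WR8165N
WG2200HP WF1200HP2 WG1800HP2 WF1200HP WG600HP WG300HP WF300HP WG1800HP
WG1400HP WR8175N WR9300N WR8750N WR8160N WR9500N WR8600N WR8370N
WR8170N WR8700N WR8300N WR8150N WR4100N WR4500N WR8100N WR8500N
CR2500P WR8400N WR8200N WR1200H WR7870S WR6670S WR7850S WR6650S
WR6600H WR7800H WM3400RN WM3450RN WM3500R WM3600R WM3800R WR8166N
MR01LN MR02LN
""".split())

def match_models(text):
    """Return affected model names that appear as whole tokens in text."""
    tokens = re.findall(r"[A-Z0-9]+", text.upper())
    hits = []
    for i, tok in enumerate(tokens):
        if tok not in AFFECTED:
            continue
        # Report the W1200EX-MS variant under its own name.
        if tok == "W1200EX" and tokens[i + 1:i + 2] == ["MS"]:
            tok = "W1200EX-MS"
        if tok not in hits:
            hits.append(tok)
    return hits

def audit(inventory):
    """Map asset id -> affected models, for records that mention one."""
    found = ((asset, match_models(desc)) for asset, desc in inventory)
    return {asset: hits for asset, hits in found if hits}

# Constructed sample inventory (not real assets).
SAMPLE_INVENTORY = [
    ("gw-01", "NEC Aterm WG1200HP2, branch office gateway"),
    ("ap-07", "aterm-wg1800hp4_fw-unknown"),
    ("rep-2", "Aterm W1200EX-MS repeater"),
    ("gw-09", "Aterm WG1200HP9"),  # constructed name, not on this page's list
    ("sw-03", "managed switch, no model recorded"),
]

if __name__ == "__main__":
    for asset, models in audit(SAMPLE_INVENTORY).items():
        print(asset, "->", ", ".join(models))
```

Records with no recorded model, such as `sw-03`, are not flagged and need manual identification before they can be ruled out.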

Reservation: 02/29/2024

Disclosure: 03/28/2024

Moderation: accepted

CPE: ready

EPSS: 0.00689

KEV: no

Activities: very low
