CWE-489
AllowedActive Debug Code
Abstraction: Base · Status: Draft
The product is released with debugging code still enabled or active.
141 vulnerabilities reference this CWE, most recent first.
CVE-2024-28008 (GCVE-0-2024-28008)
Vulnerability from cvelistv5 – Published: 2024-03-28 00:52 – Updated: 2025-01-14 03:52- CWE-489 - Active Debug Code
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | WG1800HP4 |
Affected:
all versions
|
|
| NEC Corporation | WG1200HS3 |
Affected:
all versions
|
|
| NEC Corporation | WG1900HP2 |
Affected:
all versions
|
|
| NEC Corporation | WG1200HP3 |
Affected:
all versions
|
|
| NEC Corporation | WG1800HP3 |
Affected:
all versions
|
|
| NEC Corporation | WG1200HS2 |
Affected:
all versions
|
|
| NEC Corporation | WG1900HP |
Affected:
all versions
|
|
| NEC Corporation | WG1200HP2 |
Affected:
all versions
|
|
| NEC Corporation | W1200EX(-MS) |
Affected:
all versions
|
|
| NEC Corporation | WG1200HS |
Affected:
all versions
|
|
| NEC Corporation | WG1200HP |
Affected:
all versions
|
|
| NEC Corporation | WF300HP2 |
Affected:
all versions
|
|
| NEC Corporation | W300P |
Affected:
all versions
|
|
| NEC Corporation | WF800HP |
Affected:
all versions
|
|
| NEC Corporation | WR8165N |
Affected:
all versions
|
|
| NEC Corporation | WG2200HP |
Affected:
all versions
|
|
| NEC Corporation | WF1200HP2 |
Affected:
all versions
|
|
| NEC Corporation | WG1800HP2 |
Affected:
all versions
|
|
| NEC Corporation | WF1200HP |
Affected:
all versions
|
|
| NEC Corporation | WG600HP |
Affected:
all versions
|
|
| NEC Corporation | WG300HP |
Affected:
all versions
|
|
| NEC Corporation | WF300HP |
Affected:
all versions
|
|
| NEC Corporation | WG1800HP |
Affected:
all versions
|
|
| NEC Corporation | WG1400HP |
Affected:
all versions
|
|
| NEC Corporation | WR8175N |
Affected:
all versions
|
|
| NEC Corporation | WR9300N |
Affected:
all versions
|
|
| NEC Corporation | WR8750N |
Affected:
all versions
|
|
| NEC Corporation | WR8160N |
Affected:
all versions
|
|
| NEC Corporation | WR9500N |
Affected:
all versions
|
|
| NEC Corporation | WR8600N |
Affected:
all versions
|
|
| NEC Corporation | WR8370N |
Affected:
all versions
|
|
| NEC Corporation | WR8170N |
Affected:
all versions
|
|
| NEC Corporation | WR8700N |
Affected:
all versions
|
|
| NEC Corporation | WR8300N |
Affected:
all versions
|
|
| NEC Corporation | WR8150N |
Affected:
all versions
|
|
| NEC Corporation | WR4100N |
Affected:
all versions
|
|
| NEC Corporation | WR4500N |
Affected:
all versions
|
|
| NEC Corporation | WR8100N |
Affected:
all versions
|
|
| NEC Corporation | WR8500N |
Affected:
all versions
|
|
| NEC Corporation | CR2500P |
Affected:
all versions
|
|
| NEC Corporation | WR8400N |
Affected:
all versions
|
|
| NEC Corporation | WR8200N |
Affected:
all versions
|
|
| NEC Corporation | WR1200H |
Affected:
all versions
|
|
| NEC Corporation | WR7870S |
Affected:
all versions
|
|
| NEC Corporation | WR6670S |
Affected:
all versions
|
|
| NEC Corporation | WR7850S |
Affected:
all versions
|
|
| NEC Corporation | WR6650S |
Affected:
all versions
|
|
| NEC Corporation | WR6600H |
Affected:
all versions
|
|
| NEC Corporation | WR7800H |
Affected:
all versions
|
|
| NEC Corporation | WM3400RN |
Affected:
all versions
|
|
| NEC Corporation | WM3450RN |
Affected:
all versions
|
|
| NEC Corporation | WM3500R |
Affected:
all versions
|
|
| NEC Corporation | WM3600R |
Affected:
all versions
|
|
| NEC Corporation | WM3800R |
Affected:
all versions
|
|
| NEC Corporation | WR8166N |
Affected:
all versions
|
|
| NEC Corporation | MR01LN |
Affected:
all versions
|
|
| NEC Corporation | MR02LN |
Affected:
all versions
|
|
| NEC Corporation | WG1810HP(JE) |
Affected:
all versions
|
|
| NEC Corporation | WG1810HP(MF) |
Affected:
all versions
|
|
| nec | aterm_wg1800hp4_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf300hp2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wf800hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hs_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1900hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8165n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nec:aterm_wr8700n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_w1200ex-ms_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf300hp2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf300hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wf800hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hs2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hs_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1400hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1800hp2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:h:nec:aterm_wg1800hp3:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1800hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1900hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg2200hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg300hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg600hp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8165n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8170n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8175n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8370n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8600n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr8750n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr9300n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wr9500n_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hp3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1900hp2_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1200hs3_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:nec:aterm_wg1800hp4_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aterm_wg1800hp4_firmware",
"vendor": "nec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T13:05:24.151876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T16:41:51.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:47.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WG1800HP4",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1900HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP3",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1900HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "W1200EX(-MS)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HS",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF300HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "W300P",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8165N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG2200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF1200HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP2",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF1200HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG600HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WF300HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1800HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1400HP",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8175N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR9300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8750N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8160N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR9500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8600N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8370N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8170N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8700N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8300N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8150N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR4100N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR4500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8100N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8500N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "CR2500P",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8400N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8200N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR1200H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7870S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6670S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7850S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6650S",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR6600H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR7800H",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3400RN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3450RN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3500R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3600R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WM3800R",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR8166N",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "MR01LN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "MR02LN",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1810HP(JE)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "WG1810HP(MF)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Katsuhiko Sato and Ryo Kashiro of 00One, Inc. and Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet."
}
],
"value": "Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command via the internet."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T03:52:42.613Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv24-001_en.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2024-28008",
"datePublished": "2024-03-28T00:52:51.641Z",
"dateReserved": "2024-02-29T08:40:07.582Z",
"dateUpdated": "2025-01-14T03:52:42.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21827 (GCVE-0-2024-21827)
Vulnerability from cvelistv5 – Published: 2024-06-25 14:01 – Updated: 2025-11-04 17:14- CWE-489 - Leftover Debug Code
| Vendor | Product | Version | |
|---|---|---|---|
| Tp-Link | ER7206 Omada Gigabit VPN Router |
Affected:
1.4.1 Build 20240117 Rel.57421
|
|
| tp-link | er7206 |
Affected:
1.4.1
cpe:2.3:h:tp-link:er7206:1.4.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tp-link:er7206:1.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "er7206",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "1.4.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21827",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T03:55:30.451509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T13:04:19.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:14:15.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1947",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1947"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1947"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ER7206 Omada Gigabit VPN Router",
"vendor": "Tp-Link",
"versions": [
{
"status": "affected",
"version": "1.4.1 Build 20240117 Rel.57421"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Vulnerability Discovery and Research team of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Leftover Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T17:00:06.591Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1947",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1947"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-21827",
"datePublished": "2024-06-25T14:01:26.644Z",
"dateReserved": "2024-02-14T16:25:03.146Z",
"dateUpdated": "2025-11-04T17:14:15.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-21785 (GCVE-0-2024-21785)
Vulnerability from cvelistv5 – Published: 2024-05-28 15:30 – Updated: 2025-02-13 17:33- CWE-489 - Leftover Debug Code
| Vendor | Product | Version | |
|---|---|---|---|
| AutomationDirect | P3-550E |
Affected:
1.2.10.9
|
|
| automationdirect | p3-550e |
Affected:
1.2.10.9
cpe:2.3:h:automationdirect:p3-550e:1.2.10.9:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:automationdirect:p3-550e:1.2.10.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "p3-550e",
"vendor": "automationdirect",
"versions": [
{
"status": "affected",
"version": "1.2.10.9"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21785",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:44:44.655610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:08.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1942",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1942"
},
{
"name": "https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yaj2AA/sa00038",
"tags": [
"x_transferred"
],
"url": "https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yaj2AA/sa00038"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "P3-550E",
"vendor": "AutomationDirect",
"versions": [
{
"status": "affected",
"version": "1.2.10.9"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker can send a sequence of requests to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Leftover Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:07:49.309Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1942",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1942"
},
{
"name": "https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yaj2AA/sa00038",
"url": "https://community.automationdirect.com/s/internal-database-security-advisory/a4GPE0000003yaj2AA/sa00038"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1942"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-21785",
"datePublished": "2024-05-28T15:30:14.463Z",
"dateReserved": "2024-02-01T21:51:56.707Z",
"dateUpdated": "2025-02-13T17:33:19.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9644 (GCVE-0-2024-9644)
Vulnerability from cvelistv5 – Published: 2025-02-04 14:58 – Updated: 2025-11-19 20:35| URL | Tags |
|---|---|
| https://vulncheck.com/advisories/four-faith-hidden-api | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Four-Faith | F3x36 |
Affected:
2.0.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T15:48:55.611580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T15:49:20.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "F3x36",
"vendor": "Four-Faith",
"versions": [
{
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:four-faith:f3x36_firmware:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an \nauthentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the \"bapply.cgi\" endpoint instead of the normal \"apply.cgi\" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.\u003cbr\u003e"
}
],
"value": "The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an \nauthentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the \"bapply.cgi\" endpoint instead of the normal \"apply.cgi\" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:35:28.936Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/four-faith-hidden-api"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Four-Faith F3x36 bapply.cgi Auth Bypass",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-9644",
"datePublished": "2025-02-04T14:58:03.363Z",
"dateReserved": "2024-10-08T18:08:01.273Z",
"dateUpdated": "2025-11-19T20:35:28.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9643 (GCVE-0-2024-9643)
Vulnerability from cvelistv5 – Published: 2025-02-04 14:47 – Updated: 2025-11-22 01:43| URL | Tags |
|---|---|
| https://vulncheck.com/advisories/four-faith-hard-… | third-party-advisory |
| https://talosintelligence.com/vulnerability_repor… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Four-Faith | F3x36 |
Affected:
2.0.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9643",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T15:51:11.212644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T15:51:15.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "F3x36",
"vendor": "Four-Faith",
"versions": [
{
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:four-faith:f3x24:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Four-Faith\u0026nbsp;F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.\u003cbr\u003e"
}
],
"value": "The Four-Faith\u00a0F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645."
}
],
"impacts": [
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-22T01:43:40.757Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/four-faith-hard-coded-creds"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Four-Faith F3x36 Hidden Debug Credentials",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-9643",
"datePublished": "2025-02-04T14:47:40.214Z",
"dateReserved": "2024-10-08T18:08:00.149Z",
"dateUpdated": "2025-11-22T01:43:40.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7756 (GCVE-0-2024-7756)
Vulnerability from cvelistv5 – Published: 2024-09-13 17:26 – Updated: 2024-09-16 17:51- CWE-489 - Active Debug Code
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | 10w (Type 82ST, 82SU) Laptop (Lenovo) BIOS |
Affected:
0 , < JSCN28WW
(custom)
|
|
| Lenovo | L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS |
Affected:
0 , < 1.47
(custom)
|
|
| Lenovo | L390 Yoga (type 20NT, 20NU) Laptops (ThinkPad) BIOS |
Affected:
0 , < 1.47
(custom)
|
|
| lenovo | thinkpad_l390_yoga_firmware |
Affected:
0 , < 1.47
(custom)
cpe:2.3:o:lenovo:thinkpad_l390_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkpad_l390_yoga_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | 10w_firmware |
Affected:
0 , < jscn28ww
(custom)
cpe:2.3:o:lenovo:10w_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:lenovo:thinkpad_l390_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:lenovo:thinkpad_l390_yoga_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkpad_l390_yoga_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "1.47",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:10w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "10w_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jscn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T21:04:45.731099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:51:12.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "10w (Type 82ST, 82SU) Laptop (Lenovo) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "JSCN28WW",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L390 (type 20NR, 20NS) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.47",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "L390 Yoga (type 20NT, 20NU) Laptops (ThinkPad) BIOS",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.47",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Warren Togami for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. \u003c/span\u003e"
}
],
"value": "A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:26:58.798Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-165524"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-165524\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-165524\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-165524"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2024-7756",
"datePublished": "2024-09-13T17:26:58.798Z",
"dateReserved": "2024-08-13T17:13:25.142Z",
"dateUpdated": "2024-09-16T17:51:12.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49593 (GCVE-0-2023-49593)
Vulnerability from cvelistv5 – Published: 2024-07-08 15:22 – Updated: 2025-11-04 17:13- CWE-489 - Leftover Debug Code
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:level_one:wbr6013:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wbr6013",
"vendor": "level_one",
"versions": [
{
"status": "affected",
"version": "rer4_a_v3411b_2t2r_lev_09_170623"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49593",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T16:29:03.555096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T16:29:09.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:13:19.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WBR-6013",
"vendor": "LevelOne",
"versions": [
{
"status": "affected",
"version": "RER4_A_v3411b_2T2R_LEV_09_170623"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Francesco Benvenuto of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Leftover Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T17:00:17.626Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49593",
"datePublished": "2024-07-08T15:22:29.162Z",
"dateReserved": "2023-11-30T13:39:07.409Z",
"dateUpdated": "2025-11-04T17:13:19.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-34346 (GCVE-0-2023-34346)
Vulnerability from cvelistv5 – Published: 2023-10-11 15:14 – Updated: 2025-11-04 19:16- CWE-489 - Leftover Debug Code
| Vendor | Product | Version | |
|---|---|---|---|
| Yifan | YF325 |
Affected:
v1.0_20221108
|
|
| yifanwireless | yf325_firmware |
Affected:
1.0_20221108
cpe:2.3:o:yifanwireless:yf325_firmware:1.0_20221108:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:43.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1764"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:yifanwireless:yf325_firmware:1.0_20221108:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yf325_firmware",
"vendor": "yifanwireless",
"versions": [
{
"status": "affected",
"version": "1.0_20221108"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34346",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:38:55.302824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:39:35.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "YF325",
"vendor": "Yifan",
"versions": [
{
"status": "affected",
"version": "v1.0_20221108"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Francesco Benvenuto of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Leftover Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:08.032Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34346",
"datePublished": "2023-10-11T15:14:30.390Z",
"dateReserved": "2023-06-12T17:06:03.616Z",
"dateUpdated": "2025-11-04T19:16:43.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-32645 (GCVE-0-2023-32645)
Vulnerability from cvelistv5 – Published: 2023-10-11 15:14 – Updated: 2025-11-04 19:16- CWE-489 - Leftover Debug Code
| Vendor | Product | Version | |
|---|---|---|---|
| Yifan | YF325 |
Affected:
v1.0_20221108
|
|
| yifanwireless | yf325_firmware |
Affected:
1.0_20221108
cpe:2.3:o:yifanwireless:yf325_firmware:1.0_20221108:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:24.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1752"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:yifanwireless:yf325_firmware:1.0_20221108:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yf325_firmware",
"vendor": "yifanwireless",
"versions": [
{
"status": "affected",
"version": "1.0_20221108"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32645",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:58:25.963559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:00:06.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "YF325",
"vendor": "Yifan",
"versions": [
{
"status": "affected",
"version": "v1.0_20221108"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Francesco Benvenuto of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Leftover Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:06.596Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-32645",
"datePublished": "2023-10-11T15:14:32.925Z",
"dateReserved": "2023-06-01T17:20:17.570Z",
"dateUpdated": "2025-11-04T19:16:24.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-21496 (GCVE-0-2023-21496)
Vulnerability from cvelistv5 – Published: 2023-05-04 00:00 – Updated: 2025-02-12 16:16- CWE-489 - Active Debug Code
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Affected:
Android 11, 12, 13 , < SMR May-2023 Release 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T19:38:20.262629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:16:52.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR May-2023 Release 1",
"status": "affected",
"version": "Android 11, 12, 13",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21496",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:16:52.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Remove debug code before deploying the application.
CAPEC-121: Exploit Non-Production Interfaces
An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.
CAPEC-661: Root/Jailbreak Detection Evasion via Debugging
An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Rooting/Jailbreaking a mobile device also provides users with access to system debuggers and disassemblers, which can be leveraged to exploit applications by dumping the application's memory at runtime in order to remove or bypass signature verification methods. This further allows the adversary to evade Root/Jailbreak detection mechanisms, which can result in execution of administrative commands, obtaining confidential data, impersonating legitimate users of the application, and more.