HIGH🇵🇱 Wersja polska

CVE-2024-10428

CVSS 8.6v4.0pub. 2024-10-27upd. 2024-11-13

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Wavlink Wn530h4

    HW
    Wavlink
    wszystkie wersje
  • Wavlink Wn530h4 Firmware

    OS
    Wavlink
    20220721
  • Wavlink Wn530hg4

    HW
    Wavlink
    wszystkie wersje
  • Wavlink Wn530hg4 Firmware

    OS
    Wavlink
    20220809
  • Wavlink Wn572hg3

    HW
    Wavlink
    wszystkie wersje
  • Wavlink Wn572hg3 Firmware

    OS
    Wavlink
    20221028
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Firewall
CWE
References

Related vulnerabilities

CVE-2022-35520CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is...

CVE-2022-35521CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManage...

CVE-2022-35518CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and U...

CVE-2022-35519CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which...

CVE-2022-35522CRITICAL9.8ten sam produkt

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp...