CRITICAL🇵🇱 Wersja polska

CVE-2024-3659

CVSS 10.0v4.0pub. 2024-08-08upd. 2025-11-17

Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router.

🤖 AI Analysis
How it works

The vulnerability results from insufficient input validation in one of the endpoints of the router's administrative panel. An attacker with access to the administrative interface can send a crafted HTTP request containing a malicious payload. Unfiltered data goes directly to the operating system command interpreter, allowing execution of arbitrary shell commands with the privileges of the process handling the request.

Impact

An attacker with access to the administrative panel can execute arbitrary commands on the device, which in practice means complete takeover of the router, ability to modify network configuration, and potential lateral movement to the internal network.

Mitigation & patch

Update the KAON AR2140 router firmware to version 3.2.50 or newer (for the 3.x branch) or to version 4.2.16 or newer (for the 4.x branch). Additionally, it is recommended to restrict access to the administrative panel only to trusted IP addresses and avoid exposing the router management interface on the public network.

Who is affected

KAON AR2140 routers with firmware versions earlier than 3.2.50 and earlier than 4.2.16.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Kaongroup Ar2140

    HW
    Kaongroup
    wszystkie wersje
  • Kaongroup Ar2140 Firmware

    OS
    Kaongroup
    3.2.46 – 4.2.16 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References