A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/ | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.280967 | Permissions Required |
https://vuldb.com/?id.280967 | Third Party Advisory |
https://vuldb.com/?submit.422811 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
23 Oct 2024, 16:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 7.2 |
References | () https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/ - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.280967 - Permissions Required | |
References | () https://vuldb.com/?id.280967 - Third Party Advisory | |
References | () https://vuldb.com/?submit.422811 - Third Party Advisory | |
First Time |
Wavlink wn530hg4 Firmware
Wavlink wn530h4 Wavlink wn530h4 Firmware Wavlink wn530hg4 Wavlink wn572hg3 Firmware Wavlink Wavlink wn572hg3 |
|
CPE | cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn530h4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn572hg3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:* cpe:2.3:o:wavlink:wn530hg4_firmware:*:*:*:*:*:*:*:* |
21 Oct 2024, 17:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
20 Oct 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-20 08:15
Updated : 2024-10-23 16:16
NVD link : CVE-2024-10193
Mitre link : CVE-2024-10193
CVE.ORG link : CVE-2024-10193
JSON object : View
Products Affected
wavlink
- wn530h4
- wn530h4_firmware
- wn530hg4_firmware
- wn530hg4
- wn572hg3_firmware
- wn572hg3
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')