PT-2024-16273 · Wavlink · Wavlink Wn530H4+1
Stellar Lab · Published 2024-10-27 · Updated 2024-11-13 · CVE-2024-10428
CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
WAVLINK WN530H4 versions up to 20221028
WAVLINK WN530HG4 versions up to 20221028
WAVLINK WN572HG3 versions up to 20221028
Description
A critical issue affects the set ipv6 function of the firewall.cgi file, where manipulation of the dhcpGateway argument leads to command injection. This issue can be initiated remotely. The vendor was contacted about the disclosure but did not respond.
Recommendations
For WAVLINK WN530H4 versions up to 20221028, consider disabling the set ipv6 function in the firewall.cgi file as a temporary workaround until a patch is available.
For WAVLINK WN530HG4 versions up to 20221028, consider disabling the set ipv6 function in the firewall.cgi file as a temporary workaround until a patch is available.
For WAVLINK WN572HG3 versions up to 20221028, consider disabling the set ipv6 function in the firewall.cgi file as a temporary workaround until a patch is available.
Avoid using the dhcpGateway argument in the affected firewall.cgi file until the issue is resolved.
Exploit
Fix
Command Injection
Affected Products
Wavlink Wn530H4
Wavlink Wn572Hp3