CVE-2024-10429

Name of the Vulnerable Software and Affected Versions WAVLINK WN530H4 versions up to 20221028 WAVLINK WN530HG4 versions up to 20221028 WAVLINK WN572HG3 versions up to 20221028

Description A critical vulnerability has been found, affecting the function set ipv6 of the file internet.cgi. The manipulation of the arguments IPv6OpMode, IPv6IPAddr, IPv6WANIPAddr, and IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For WAVLINK WN530H4 versions up to 20221028, consider disabling the set ipv6 function in the internet.cgi file until a patch is available. For WAVLINK WN530HG4 versions up to 20221028, consider disabling the set ipv6 function in the internet.cgi file until a patch is available. For WAVLINK WN572HG3 versions up to 20221028, consider disabling the set ipv6 function in the internet.cgi file until a patch is available. As a temporary workaround, avoid using the arguments IPv6OpMode, IPv6IPAddr, IPv6WANIPAddr, and IPv6GWAddr in the affected function until the issue is resolved.