PT-2024-19366 · Yamaha · Yamaha WLX413+4
Chuya Hayakawa · Published 2024-01-23 · Updated 2024-01-30 · CVE-2024-22366
CVSS v3.1: 6.8 (Medium)
Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Yamaha WLX222 firmware versions prior to Rev.24.00.04
Yamaha WLX413 firmware versions prior to Rev.22.00.06
Yamaha WLX212 firmware versions prior to Rev.21.00.13
Yamaha WLX313 firmware versions prior to Rev.18.00.13
Yamaha WLX202 firmware versions prior to Rev.16.00.19
Description
Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.
Recommendations
For Yamaha WLX222 firmware version Rev.24.00.03 and earlier, update to a version later than Rev.24.00.03.
For Yamaha WLX413 firmware version Rev.22.00.05 and earlier, update to a version later than Rev.22.00.05.
For Yamaha WLX212 firmware version Rev.21.00.12 and earlier, update to a version later than Rev.21.00.12.
For Yamaha WLX313 firmware version Rev.18.00.12 and earlier, update to a version later than Rev.18.00.12.
For Yamaha WLX202 firmware version Rev.16.00.18 and earlier, update to a version later than Rev.16.00.18.
Fix
OS Command Injection
Affected Products
Yamaha WLX202
Yamaha WLX212
Yamaha WLX222
Yamaha WLX313
Yamaha WLX413