PT-2024-27087 · Kaon · Kaon Ar2140
Arkadiusz Maruszczak · Published 2024-08-08 · Updated 2025-11-17 · CVE-2024-3659
CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
KAON AR2140 routers, versions prior to 4.2.16
Description
KAON AR2140 routers are affected by a shell command injection vulnerability. It can be exploited by sending a crafted request to one of the endpoints, but exploitation requires access to the router's administrative portal.
Recommendations
For versions prior to 4.2.16, update to version 4.2.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative portal to minimize the risk of exploitation.
Fix
OS Command Injection
Command Injection
Related Identifiers
Affected Products
Kaon Ar2140