PT-2024-28754 · Unknown · Ax3000 Dual-Band Gigabit Wi-Fi 6 Router Ax12+1
Swind1Er · Published 2024-07-19 · Updated 2024-08-01 · CVE-2024-39963
CVSS v3.1: 8.0 (High)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 version V22.03.01.46
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 version V1.0 V22.03.01.46
Description
The issue is an authenticated remote command execution via the macFilterType parameter of the "/goform/setMacFilterCfg" API endpoint. An attacker who can authenticate to the device could use it to execute commands remotely on the affected device.
Recommendations
For AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 version V22.03.01.46, avoid using the
macFilterType parameter in the "/goform/setMacFilterCfg" API endpoint until the issue is resolved.
For AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 version V1.0 V22.03.01.46, consider restricting access to the "/goform/setMacFilterCfg" API endpoint to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Command Injection
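As an added illustration of the defensive checks the recommendations imply (this is example code, not the advisory's or the vendor firmware's), the following Python snippet pairs a strict allowlist validator for the macFilterType value with a classifier that flags requests to /goform/setMacFilterCfg whose parameter carries shell metacharacters. The allowed values, the request record format and the sample records are constructed assumptions.

```python
import re
from typing import Iterable

# Endpoint and parameter named in the advisory for CVE-2024-39963.
VULN_ENDPOINT = "/goform/setMacFilterCfg"
VULN_PARAM = "macFilterType"

# Assumed legitimate filter modes. The advisory does not list the real
# values, so this allowlist is a placeholder to adapt to the firmware.
ALLOWED_VALUES = frozenset({"black", "white", "disabled"})

# Shell metacharacters that a filter-mode selector should never contain.
SHELL_META = re.compile(r"[;&|`$()<>{}\n\r\\]")


def validate_mac_filter_type(value: str) -> bool:
    """Hardened check: accept only an exact allowlisted token, nothing else."""
    return value in ALLOWED_VALUES


def classify_request(path: str, params: dict) -> str:
    """Classify one request record as ignore, benign, unexpected or suspicious."""
    if path != VULN_ENDPOINT or VULN_PARAM not in params:
        return "ignore"  # not the vulnerable endpoint/parameter
    value = params[VULN_PARAM]
    if validate_mac_filter_type(value):
        return "benign"
    if SHELL_META.search(value):
        return "suspicious"  # metacharacters present: likely injection attempt
    return "unexpected"  # unknown token, worth review but not a shell payload


def scan_requests(records: Iterable[dict]) -> list:
    """Return (source, verdict) for every record touching the vulnerable parameter."""
    findings = []
    for rec in records:
        verdict = classify_request(rec["path"], rec["params"])
        if verdict != "ignore":
            findings.append((rec["src"], verdict))
    return findings


# Constructed sample request records (not real traffic; the third path is made up).
SAMPLE_REQUESTS = [
    {"src": "192.0.2.10", "path": VULN_ENDPOINT, "params": {VULN_PARAM: "black"}},
    {"src": "192.0.2.11", "path": VULN_ENDPOINT, "params": {VULN_PARAM: "black;ls"}},
    {"src": "192.0.2.12", "path": "/goform/other", "params": {"x": "1"}},
]
```

Wire `validate_mac_filter_type` in front of whatever consumes the parameter on the device side, and run `scan_requests` over decoded request logs from the management interface to spot probing of this endpoint.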
Weakness Enumeration
Related Identifiers
Affected Products
Ax3000 Dual-Band Gigabit Wi-Fi 6 Router Ax12
Ax3000 Dual-Band Gigabit Wi-Fi 6 Router Ax9