PT-2024-29679 · Wi Fi Alliance+1 · Wfa Dut+2

Noam Rathaus · Published 2024-08-21 · Updated 2025-02-20 · CVE-2024-41992

CVSS v3.1

8.8 High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Wi-Fi Alliance wfa dut (in Wi-Fi Test Suite) versions 9.0.0 and earlier

Description

The issue allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. On other devices, this may be exploitable over a WAN interface. The flaw enables full administrative access, allowing attackers to modify system settings, disrupt critical network services, or completely reset the device, potentially leading to outages, compromise of network data, and loss of connection for all users in the affected network.

Recommendations

For Wi-Fi Alliance wfa dut (in Wi-Fi Test Suite) versions 9.0.0 and earlier, update to version 9.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of the system() library function or restricting access to the vulnerable Wi-Fi Test Suite until a patch is available. Additionally, removing the Wi-Fi Test Suite from devices or updating to a version 9.0 or later can help mitigate the risk of exploitation.
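
One way to act on the recommendation to stop using system(), shown as an added example that is not code from the Wi-Fi Test Suite or this advisory: a ping helper that validates its inputs and runs ping from an argument vector, so no shell ever parses the destination. The function names, the /bin/ping path and the count limit are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define PING_PATH "/bin/ping"  /* assumed location of ping on the device */
#define MAX_COUNT 1000L        /* assumed upper bound chosen for this example */

/* Accept only a literal IPv4 or IPv6 address. Anything inet_pton() cannot
 * parse (shell metacharacters, spaces, option-like strings) is rejected. */
int dest_is_valid(const char *dest)
{
    unsigned char buf[16];     /* large enough for an IPv6 address */
    if (dest == NULL)
        return 0;
    return inet_pton(AF_INET, dest, buf) == 1 ||
           inet_pton(AF_INET6, dest, buf) == 1;
}

/* Build the argv for execv(); returns 0 on success, -1 if input is rejected. */
int build_ping_argv(const char *dest, long count, char *cnt, size_t len,
                    char *argv[5])
{
    if (!dest_is_valid(dest) || count < 1 || count > MAX_COUNT)
        return -1;
    snprintf(cnt, len, "%ld", count);
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = cnt;
    argv[3] = (char *)dest; argv[4] = NULL;
    return 0;
}

/* Run ping without a shell; returns its exit status, or -1 on any error. */
int run_ping(const char *dest, long count)
{
    char cnt[16], *argv[5];
    int status;
    pid_t pid;
    if (build_ping_argv(dest, count, cnt, sizeof cnt, argv) != 0)
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execv(PING_PATH, argv); /* each argument is passed as-is, unparsed */
        _exit(127);             /* reached only if execv() failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Because the destination must parse as an address literal, a value that starts with `-` cannot be smuggled in as a ping option either.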

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-41992

Affected Products

Arcadyan Fmimg51Ax000J
Wi-Fi Test Suite
Wfa Dut