PT-2024-33828 · Ligowave · Ligowave Apc Propeller+3
Quentin Kaiser · Published 2024-05-16 · Updated 2024-05-16 · CVE-2024-4999
CVSS v4.0: 9.4 Critical
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber
Name of the Vulnerable Software and Affected Versions:
Ligowave UNITY versions through 6.95-2
Ligowave PRO versions through 6.95-1.Rt3883
Ligowave MIMO versions through 6.95-1.Rt2880
Ligowave APC Propeller versions through 2-5.95-4.Rt3352
Description:
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.
Recommendations:
For Ligowave UNITY versions through 6.95-2, update to a version later than 6.95-2 to resolve the issue.
For Ligowave PRO versions through 6.95-1.Rt3883, update to a version later than 6.95-1.Rt3883 to resolve the issue.
For Ligowave MIMO versions through 6.95-1.Rt2880, update to a version later than 6.95-1.Rt2880 to resolve the issue.
For Ligowave APC Propeller versions through 2-5.95-4.Rt3352, update to a version later than 2-5.95-4.Rt3352 to resolve the issue.
As a temporary workaround, consider restricting access to the web-based management interface until a patch is available.
Fix
Command Injection
Affected Products
Ligowave Apc Propeller
Ligowave Mimo
Ligowave Pro
Ligowave Unity