PT-2024-35808 · Ae1021Pe+1 · Ae1021Pe+1

Chuya Hayakawa +1 · Published 2024-12-18 · Updated 2024-12-23 · CVE-2024-53688

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AE1021 firmware versions 2.0.10 and earlier
AE1021PE firmware versions 2.0.10 and earlier

Description

An issue exists due to the improper neutralization of special elements used in an OS command, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request. This issue is related to 'OS Command Injection'.

Recommendations

For AE1021 firmware versions 2.0.10 and earlier, consider disabling the ability to execute OS commands until a patch is available. For AE1021PE firmware versions 2.0.10 and earlier, restrict access to the vulnerable module to minimize the risk of exploitation. As a temporary workaround, avoid using crafted HTTP requests that may trigger the OS command injection issue until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-53688

Affected Products

Ae1021
Ae1021Pe