CVE-2024-57238

Name of the Vulnerable Software and Affected Versions Prolink 4G LTE Mobile Wi-Fi DL-7203E version 4.0.0B05

Description The issue allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order by parameter in the "/reqproc/proc get" endpoint. This enables the attacker to alter the SQL queries, potentially leading to unauthorized data access or modification.

Recommendations For version 4.0.0B05, as a temporary workaround, consider restricting access to the "/reqproc/proc get" endpoint to minimize the risk of exploitation. Avoid using the order by parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.