CVE-2024-10193 | WAVLINK WN530H4/WN530HG4/WN572HG3 up to 20221028 internet.cgi ping_ddns DDNS command injection

Inserito da Angelo Barbosa | Ott 19, 2024 | CVE

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection.

The identification of this vulnerability is CVE-2024-10193. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10193 | WAVLINK WN530H4/WN530HG4/WN572HG3 up to 20221028 internet.cgi ping_ddns DDNS command injection

Post correlati

CVE-2024-45797 | OISF libhtp up to 0.5.48 HTTP Protocol Parser allocation of resources (ID 7191)

CVE-2024-34200 | Totolink CP450 4.1.0cu.747_B20191224 setIpQosRules stack-based overflow

CVE-2024-33971 | Janobe School Attendance Monitoring System 1.0 /login.php username sql injection

CVE-2024-4736 | Campcodes Legal Case Management System 1.0 /admin/tax name cross site scripting