CVE-2024-38894 | Wavlink WN551K1 touchlist_sync.cgi IP command injection

Inserito da Angelo Barbosa | Giu 25, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Wavlink WN551K1. Affected by this issue is some unknown functionality of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to command injection.

This vulnerability is handled as CVE-2024-38894. The attack needs to be initiated within the local network. There is no exploit available.

CVE-2024-38894 | Wavlink WN551K1 touchlist_sync.cgi IP command injection

Post correlati

CVE-2024-45588 | Symphony Fintech XTS Web Trader 2.0.0.1_P160 Preference Module authorization (CIVN-2024-0281)

CVE-2024-0723 | freeSSHd 1.0.9 on Windows denial of service (ID 176545)

CVE-2023-28897 | PREH MIB3 Infotainment Unit up to 0304 UDS Services hard-coded credentials

CVE-2024-35109 | idcCMS 1.35 homePro_deal.php cross-site request forgery