CVE-2024-10428 | WAVLINK WN530H4/WN530HG4/WN572HG3 up to 20221028 firewall.cgi set_ipv6 dhcpGateway command injection

Posted by Angelo Barbosa | Oct 26, 2024 | CVE

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection.

The identification of this vulnerability is CVE-2024-10428. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10428 | WAVLINK WN530H4/WN530HG4/WN572HG3 up to 20221028 firewall.cgi set_ipv6 dhcpGateway command injection

Related Posts

CVE-2024-0855 | Spiffy Calendar Plugin up to 4.9.8 on WordPress event_author improper authorization

CVE-2024-20289 | Cisco NX-OS up to 10.4(2) CLI os command injection (cisco-sa-nxos-cmdinj-Lq6jsZhH)

CVE-2023-48694 | azure-rtos usbx up to 6.2.1 type confusion (GHSA-qjw8-7w86-44qj)

CVE-2024-33650 | Cryout Creations Serious Slider Plugin up to 1.2.4 on WordPress cross-site request forgery