CVE-2024-10429 | WAVLINK WN530H4/WN530HG4/WN572HG3 up to 20221028 internet.cgi set_ipv6 IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr command injection

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection.

This vulnerability is traded as CVE-2024-10429. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10429 | WAVLINK WN530H4/WN530HG4/WN572HG3 up to 20221028 internet.cgi set_ipv6 IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr command injection

Related Posts

CVE-2024-3155 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel Plugin cross site scripting

CVE-2024-30886 | HadSky 7.6.3 remotelink url cross site scripting (Issue 30)

CVE-2024-43434 | Moodle Feedback Non-Respondents Report cross-site request forgery

CVE-2024-36025 | Linux Kernel up to 5.15.155/6.1.86/6.6.27/6.8.6 scsi qla_edif_app_getstats elem[] off-by-one