CVE-2024-10429 | WAVLINK WN530H4/WN530HG4/WN572HG3 up to 20221028 internet.cgi set_ipv6 IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr command injection

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection.

This vulnerability is traded as CVE-2024-10429. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-10429 | WAVLINK WN530H4/WN530HG4/WN572HG3 up to 20221028 internet.cgi set_ipv6 IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr command injection

Related Posts

CVE-2024-30255 | envoy CONTINUATION Frame resource consumption

CVE-2024-43313 | FormFacade Plugin up to 1.3.2 on WordPress cross site scripting

CVE-2024-43794 | opensearch-project security-dashboards-plugin up to 1.3.18/2.15.x nextUrl redirect

CVE-2023-31001 | IBM Security Verify Access Appliance up to 10.0.6.1 storing passwords in a recoverable format (XFDB-254653)