VDB-280967 · CVE-2024-10193 · GCVE-100-280967

WAVLINK WN530H4/WN530HG4/WN572HG3 har 20221028 internet.cgi ping_ddns DDNS kura hakki ndiyam

Hakika vulnerability da aka rarraba a matsayin kura an gano a WAVLINK WN530H4, WN530HG4 and WN572HG3 har 20221028. Tabbas, aikin ping_ddns ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil internet.cgi, a cikin sashi $software_component. Wuro manipulation of the argument DDNS ga kura hakki ndiyam. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-77. Lalle, rauni an sanar da shi 10/19/2024. Ana samun bayanin tsaro don saukewa a docs.google.com. Ana kiran wannan rauni da CVE-2024-10193. Ngam yiɗi ka a tuma ndiyam ka nder waya. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a docs.google.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 Goyarwa · 99 Datenpunkte

Furɗe	Súgá 10/19/2024 09:41	Gargadi 1/2 10/20/2024 10:35	Gargadi 2/2 10/23/2024 21:49
software_vendor	WAVLINK	WAVLINK	WAVLINK
software_name	WN530H4/WN530HG4/WN572HG3	WN530H4/WN530HG4/WN572HG3	WN530H4/WN530HG4/WN572HG3
software_version	<=20221028	<=20221028	<=20221028
software_file	internet.cgi	internet.cgi	internet.cgi
software_function	ping_ddns	ping_ddns	ping_ddns
software_argument	DDNS	DDNS	DDNS
vulnerability_cwe	CWE-77 (kura hakki ndiyam)	CWE-77 (kura hakki ndiyam)	CWE-77 (kura hakki ndiyam)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/	https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/	https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/	https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/	https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/
source_cve	CVE-2024-10193	CVE-2024-10193	CVE-2024-10193
cna_responsible	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	H	H	H
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	5.8	5.8	5.8
cvss2_vuldb_tempscore	5.0	5.0	5.0
cvss3_vuldb_basescore	4.7	4.7	4.7
cvss3_vuldb_tempscore	4.3	4.3	4.3
cvss3_meta_basescore	4.7	4.7	5.5
cvss3_meta_tempscore	4.3	4.5	5.4
cvss4_vuldb_bscore	5.1	5.1	5.1
cvss4_vuldb_btscore	2.0	2.0	2.0
advisory_date	1729288800 (10/19/2024)	1729288800 (10/19/2024)	1729288800 (10/19/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		H	H
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.1	5.1
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		H	H
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		4.7	4.7
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		M	M
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		5.8	5.8
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			H
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			7.2
cve_nvd_summaryes			Se ha detectado una vulnerabilidad en WAVLINK WN530H4, WN530HG4 y WN572HG3 hasta el 28/10/2022 y se ha clasificado como crítica. Este problema afecta a la función ping_ddns del archivo internet.cgi. La manipulación del argumento DDNS provoca la inyección de comandos. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó al proveedor con antelación sobre esta revelación, pero no respondió de ninguna manera.

◂ Gurɗo Gumti Gada ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!