VDB-281969 · CVE-2024-10428 · GCVE-100-281969

WAVLINK WN530H4/WN530HG4/WN572HG3 ଯେପର୍ଯ୍ୟନ୍ତ 20221028 firewall.cgi set_ipv6 dhcpGateway ବିସ୍ତାରିତ ଅଧିକାର

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu WAVLINK WN530H4, WN530HG4 and WN572HG3 ଯେପର୍ଯ୍ୟନ୍ତ 20221028 keessatti argameera. Miidhamni argame is hojii set_ipv6 faayilii firewall.cgi keessa. Wanti jijjiirame irratti dhcpGateway gara ବିସ୍ତାରିତ ଅଧିକାର geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-77 si geessa. Odeeffannoon kun yeroo 10/26/2024 maxxanfameera. Odeeffannoon kun buufachuuf docs.google.com irratti argama. Dogoggorri kun CVE-2024-10428 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Waan dabalataa ta’een, meeshaa balaa kana fayyadamuuf ni jira. Qorannoo miidhaa (exploit) uummataaf ifa taasifameera, kanaafis fayyadamuu ni danda'ama. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ ta’uu isaa ibsameera. Exploit docs.google.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 ଆଡାପ୍ଟେସନ୍ · 98 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 10/26/2024 04:28 PM	ଅଦ୍ୟତନ 1/2 10/27/2024 11:16 PM	ଅଦ୍ୟତନ 2/2 11/14/2024 03:44 AM
software_vendor	WAVLINK	WAVLINK	WAVLINK
software_name	WN530H4/WN530HG4/WN572HG3	WN530H4/WN530HG4/WN572HG3	WN530H4/WN530HG4/WN572HG3
software_version	<=20221028	<=20221028	<=20221028
software_file	firewall.cgi	firewall.cgi	firewall.cgi
software_function	set_ipv6	set_ipv6	set_ipv6
software_argument	dhcpGateway	dhcpGateway	dhcpGateway
vulnerability_cwe	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-77 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	H	H	H
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/	https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/	https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/	https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/	https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/
source_cve	CVE-2024-10428	CVE-2024-10428	CVE-2024-10428
cna_responsible	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	M	M	M
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	H	H	H
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	H	H	H
cvss4_vuldb_vi	H	H	H
cvss4_vuldb_va	H	H	H
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	8.3	8.3	8.3
cvss2_vuldb_tempscore	7.1	7.1	7.1
cvss3_vuldb_basescore	7.2	7.2	7.2
cvss3_vuldb_tempscore	6.5	6.5	6.5
cvss3_meta_basescore	7.2	7.2	7.2
cvss3_meta_tempscore	6.5	6.8	7.0
cvss4_vuldb_bscore	8.6	8.6	8.6
cvss4_vuldb_btscore	7.3	7.3	7.3
advisory_date	1729893600 (10/26/2024)	1729893600 (10/26/2024)	1729893600 (10/26/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cvss3_cna_ac		L	L
cvss3_cna_pr		H	H
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		H	H
cvss3_cna_i		H	H
cvss3_cna_a		H	H
cvss3_cna_basescore		7.2	7.2
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		M	M
cvss2_cna_ci		C	C
cvss2_cna_ii		C	C
cvss2_cna_ai		C	C
cvss2_cna_basescore		8.3	8.3
cve_nvd_summary		A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		H	H
cvss4_cna_ui		N	N
cvss4_cna_vc		H	H
cvss4_cna_vi		H	H
cvss4_cna_va		H	H
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		8.6	8.6
cvss3_cna_av		N	N
cve_nvd_summaryes			Se ha detectado una vulnerabilidad en WAVLINK WN530H4, WN530HG4 y WN572HG3 hasta el 28/10/2022. Se ha calificado como crítica. Este problema afecta a la función set_ipv6 del archivo firewall.cgi. La manipulación del argumento dhcpGateway provoca la inyección de comandos. El ataque puede iniciarse de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó al proveedor con antelación sobre esta revelación, pero no respondió de ninguna manera.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			H
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			7.2

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you need the next level of professionalism?

Upgrade your account now!