Overview
- Description
- A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Secondary
- Base score
- 8.3
- Impact score
- 10
- Exploitability score
- 6.5
- Vector string
- AV:A/AC:L/Au:N/C:C/I:C/A:C
Social media
- Hype score
- Not currently trending
CVE-2024-10194 Critical Stack-Based Buffer Overflow in WAVLINK Routers' Authentication Page A critical vulnerability is in WAVLINK models WN530H4, WN530HG4, and WN572HG3, up to version 20221028. It affects the Go... https://t.co/YLkjJ800PI
@VulmonFeeds
20 Oct 2024
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10194 A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the fil… https://t.co/KkBMaBSQi5
@CVEnew
20 Oct 2024
576 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
[CVE-2024-10194: HIGH] Critical security vulnerability in WAVLINK routers up to 20221028 allows remote attackers to trigger a stack-based buffer overflow via manipulated argument. Vendor notified but unresponsive.#cybersecurity,#vulnerability https://t.co/jElMcRcmOm https://t.co/
@CveFindCom
20 Oct 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A severe vulnerability was disclosed for WAVLINK WN530H4 and other products (CVE-2024-10194) https://t.co/xIKA6akijq
@vuldb
19 Oct 2024
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC6EC91A-7820-4387-ACB7-3747313DBDB0",
"versionEndIncluding": "20221028"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530hg4_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80C4ED9C-1FC9-40F2-807B-5C90B69EF406",
"versionEndIncluding": "20221028"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9ACAF792-450A-4C0D-81DF-CC61EBCA7305"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hg3_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F946982-3A15-4E5D-838B-CBDC56A813A2",
"versionEndIncluding": "20221028"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D85484EB-22F0-4140-9B9F-AC5EB24159DA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]