Overview
- Description
- A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Secondary
- Base score
- 8.3
- Impact score
- 10
- Exploitability score
- 6.4
- Vector string
- AV:N/AC:L/Au:M/C:C/I:C/A:C
Weaknesses
- cna@vuldb.com
- CWE-77
Social media
- Hype score
- Not currently trending
CVE-2024-10428 A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation... https://t.co/rU35OSSgkr
@VulmonFeeds
28 Oct 2024
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-10428: HIGH] Critical vulnerability found in WAVLINK routers up to 20221028. Exploit allows command injection through dhcpGateway argument in firewall.cgi, impacting set_ipv6 function. Risk: remote atta...#cybersecurity,#vulnerability https://t.co/Mwc27eo5LV https://t.c
@CveFindCom
27 Oct 2024
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10428 A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the fil… https://t.co/dMR0uVI4DY
@CVEnew
27 Oct 2024
637 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Critical RCE in WAVLINK WN530H4/WN530HG4/WN572HG3 routers up to 20221028 (CVE-2024-10428). Unauthenticated command injection allows full device takeover. Urgent action: Patch immediately or disconnect affected devices from the internet until patched. #CyberSecurity… https://t.
@oktsec
26 Oct 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85ED923F-4EFA-447C-99E5-B48D1251B66C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3EA1D9AB-9DD2-42A8-BE96-6A07CB232C48"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA2EABC3-DB43-428A-B229-A003B31184D7"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9ACAF792-450A-4C0D-81DF-CC61EBCA7305"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F22D66E-063D-4954-AAF8-70C3E5D50EE3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D85484EB-22F0-4140-9B9F-AC5EB24159DA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]