CVE-2024-22366
Published Jan 24, 2024
Last updated 9 months ago
Overview
- Description
- Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-78
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:wlx222_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70856555-1E43-41CF-8703-E275C324C11D",
"versionEndExcluding": "24.00.04"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:wlx222:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AED9A76F-D05F-4AEB-8074-A4D537776463"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:wlx413_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A13D6C91-1FD0-4C34-8B8E-B267EC158675",
"versionEndExcluding": "22.00.06"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:wlx413:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D7F38F22-188D-4024-BC93-A6F5B50FCD07"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:wlx212_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "286E914E-E498-453E-9153-4CFF24447050",
"versionEndExcluding": "21.00.13"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:wlx212:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F5C7ADB6-B1EE-4F30-87C8-2BA683B97D9E"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:wlx313_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1927743-73D4-4642-83A7-CCB4379A9E1E",
"versionEndExcluding": "18.00.13"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:wlx313:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0F2EAA17-C6D9-4C84-BCD4-F0599035F4E2"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yamaha:wlx202_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4000DA8E-6E03-470E-BC61-82504C51D5A9",
"versionEndExcluding": "16.00.19"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yamaha:wlx202:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BAFE472D-2EF8-4AB5-B482-5279B3F5EFAB"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]