CVE-2024-41992

Published Nov 11, 2024

Last updated 5 days ago

CVSS high 8.8

Overview

Description
Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. On other devices, this may be exploitable over a WAN interface.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-78

Social media

Hype score
Not currently trending

  1. CVE-2024-41992 (CVSS:8.8, HIGH) is Awaiting Analysis. Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the sy..https://t.co/XsH5Cigsxn #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    15 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-41992 Root-Level Command Injection in Wi-Fi Alliance wfa_dut via LAN/WAN Wi-Fi Alliance wfa_dut in Wi-Fi Test Suite up to version 9.0.0 has a command injection problem. This is due to the use of the syst... https://t.co/NrZB6vVx2H

    @VulmonFeeds

    11 Nov 2024

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-41992 Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, … https://t.co/qd88TVO488

    @CVEnew

    11 Nov 2024

    546 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2024-41992

    @transilienceai

    5 Nov 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-41992

    @transilienceai

    4 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. 🚨 بررسی آسیب‌پذیری CVE-2024-41992 در Arcadyan FMIMG51AX000J! این آسیب‌پذیری امکان اجرای کد از راه دور (RCE) را فراهم می‌کند و تهدیدی جدی برای امنیت شبکه‌هاست. 🔗 برای اطلاعات بیشتر و کاستوم اکسپلویت به کانال تلگرام ما بپیوندید: https://t.co/TbqF3OZliO #GOTOCVE #CyberSecurity

    @soltanali0

    31 Oct 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. #exploit 1. CVE-2024-41992: Arcadyan FMIMG51AX000J (WiFi Alliance) RCE https://t.co/sEFIb4BUpN 2. CVE-2024-48930: Remote Private key extraction over ECDH (11 session..) https://t.co/LzRl2pvBhV

    @ksg93rd

    28 Oct 2024

    423 Impressions

    0 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. #exploit 1. CVE-2024-41992: Arcadyan FMIMG51AX000J (WiFi Alliance) RCE https://t.co/NUO6IxocvM 2. CVE-2024-48930: Remote Private key extraction over ECDH (11 session..) https://t.co/daRcBIpmxv

    @akaclandestine

    28 Oct 2024

    4104 Impressions

    38 Retweets

    88 Likes

    30 Bookmarks

    6 Replies

    0 Quotes

  9. 🚨 Critical flaw in Wi-Fi Test Suite (CVE-2024-41992) allows attackers to gain root access on Arcadyan routers! Learn more: https://t.co/kXJZj6KPdo #Cybersecurity #WiFi #Vulnerability

    @C9Journal

    28 Oct 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. A critical flaw (CVE-2024-41992) in the Wi-Fi Test Suite impacts Arcadyan routers, allowing attackers to gain root access and potentially disrupt networks. CERT/CC advises updating to version 9.0+ or removing the suite from production devices. #CyberSecurity #WiFi #hacking https

    @safeyourweb

    28 Oct 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. انتبه: ثغرة أمنية في مجموعة اختبار Wi-Fi CVE-2024-41992 قد تمنح المهاجمين سيطرة كاملة على أجهزة توجيه Arcadyan. تسمح الثغرة بحقن الأوامر، مما يتيح الوصول الإداري الكامل. تعرف على التفاصيل هنا → https://t.co/Emd8g6b52R

    @CERT_Arabic

    27 Oct 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Critical security flaw CVE-2024-41992 in Wi-Fi Test Suite allows attackers to execute code with elevated privileges on Arcadyan routers. Stay informed and take necessary precautions to protect your network. Learn more: https://t.co/AoHDGgsGfy

    @KrofekSecurity

    25 Oct 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. TheHackersNews: Attention: CVE-2024-41992 #vulnerability in Wi-Fi Test Suite could give attackers full control over Arcadyan routers. The flaw allows for command injection, enabling full administrative access. Find details here → https://t.co/OzBN19sced #cybersecurity #infosec

    @jvquantum

    25 Oct 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Attention: CVE-2024-41992 #vulnerability in Wi-Fi Test Suite could give attackers full control over Arcadyan routers. The flaw allows for command injection, enabling full administrative access. Find details here → https://t.co/gBcmUmmuh9... https://t.co/iSCOe1tFPT

    @IT_news_for_all

    25 Oct 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. The SEI's CERT Division has released a new vulnerability note: Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J (CVE-2024-41992) - https://t.co/4RnVErbih4 https://t.co/YoMG70MQfv

    @SEI_CMU

    23 Oct 2024

    126 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References