Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2024-10429

🗓️ 27 Oct 2024 21:00:07Reported by VulDBType 
cve
 cve🔗 web.nvd.nist.gov👁 54 Views🌐 WEB

A critical vulnerability in WAVLINK WN530H4, WN530HG4, and WN572HG3 allows remote command injection via manipulation of IPv6 settings in internet.cgi up to 20221028

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Circl		CVE-2024-10429
27 Oct 202422:35
circl
CNNVD		WAVLINK多款产品 命令注入漏洞
27 Oct 202400:00
cnnvd
Cvelist		CVE-2024-10429 WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection
27 Oct 202421:00
cvelist
EUVD		EUVD-2024-33111
3 Oct 202520:07
euvd
NVD		CVE-2024-10429
27 Oct 202421:15
nvd
OSV		CVE-2024-10429
27 Oct 202421:15
osv
Positive Technologies		PT-2024-16274 · Wavlink · Wavlink Wn572Hp3 +1
27 Oct 202400:00
ptsecurity
RedhatCVE		CVE-2024-10429
5 Feb 202504:54
redhatcve
Vulnrichment		CVE-2024-10429 WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection
27 Oct 202421:00
vulnrichment
NVD
Vulners
Vulnrichment
Node
wavlinkwn530h4_firmwareMatch20220721
AND
wavlinkwn530h4Match-
Node
wavlinkwn530hg4_firmwareMatch20220809
AND
wavlinkwn530hg4Match-
Node
wavlinkwn572hg3_firmwareMatch20221028
AND
wavlinkwn572hg3Match-
[
  {
    "vendor": "WAVLINK",
    "product": "WN530H4",
    "versions": [
      {
        "version": "20221028",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "WAVLINK",
    "product": "WN530HG4",
    "versions": [
      {
        "version": "20221028",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "WAVLINK",
    "product": "WN572HG3",
    "versions": [
      {
        "version": "20221028",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
IPv6OpModerequest body/internet.cgiCommand injection via IPv6 related parameters in internet.cgiCWE-77
IPv6IPAddrrequest body/internet.cgiCommand injection via IPv6 related parameters in internet.cgiCWE-77
IPv6WANIPAddrrequest body/internet.cgiCommand injection via IPv6 related parameters in internet.cgiCWE-77
IPv6GWAddrrequest body/internet.cgiCommand injection via IPv6 related parameters in internet.cgiCWE-77

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Nov 2024 17:58Current
7.4High risk
Vulners AI Score7.4
CVSS 3.17.2
CVSS 28.3
CVSS 48.6
CVSS 37.2
EPSS0.32875
SSVC
CWE-77
wavlink wn530h4wn530hg4wn572hg3remote command injectionipv6internet.cgicritical vulnerabilitycommand injection20221028
54