Cyber Resilience

CVE-2024-10193

MediumPublic PoC

Published: 20 October 2024

Published
20 October 2024
Modified
23 October 2024
KEV Added
Patch
CVSS Score v4 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0070 72.4th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-10193 is a medium-severity Command Injection (CWE-77) vulnerability in Wavlink Wn530H4 Firmware. Its CVSS base score is 5.1 (Medium).

Operationally, ranked in the top 27.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may…

more

be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

wavlink
wn530h4 firmware
≤ 20221028
wavlink
wn530hg4 firmware
≤ 20221028
wavlink
wn572hg3 firmware
≤ 20221028

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References