CVE-2024-10429

Severity: High · Public PoC · RCE

Published: 27 October 2024
Modified: 13 November 2024
KEV Added: not listed
Patch: none available
CVSS v4.0 Score: 8.6 (High)
CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.3287 (97.0th percentile)
Risk Priority: 37 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-10429 is a high-severity command injection (CWE-77) vulnerability in the firmware of the WAVLINK WN530H4 router; the same flaw is reported in the WN530HG4 and WN572HG3 firmware as well. Its CVSS 4.0 base score is 8.6 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 3.0% of all CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a publicly referenced proof of concept.

Deeper analysis

A command injection vulnerability, rated High (CVSS 4.0 score 8.6) and tracked under CWE-77, exists in the set_ipv6 function of internet.cgi in WAVLINK WN530H4, WN530HG4 and WN572HG3 routers up to firmware version 20221028. The IPv6OpMode, IPv6IPAddr, IPv6WANIPAddr and IPv6GWAddr request arguments are not neutralized before they are used to build a command, so an attacker who controls these values can execute arbitrary commands on the device.

Because the CVSS vector carries PR:H, exploitation requires an authenticated session with administrative privileges on the web interface; it is performed over the network and needs no user interaction. A successful attacker gains arbitrary command execution on the router with high impact on confidentiality, integrity and availability, which amounts to full control of the device. Public exploit code has been disclosed, and the vendor, although notified early, has neither responded nor released a patch.
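The pattern behind this class of bug, and the shape of a fix, as an added illustration that is not WAVLINK's code (the firmware source is not published on this page): a CGI handler that splices the four request parameters into a shell command line, beside a hardened handler that validates each field as an IPv6 address (optionally with a prefix length) or an allow-listed mode value and passes the values as separate argv entries for an exec-style call, so no shell ever parses them. The script path /sbin/ipv6_setup.sh, the allow-listed mode strings and the request values in main are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <arpa/inet.h>

#define CMD_MAX 512

/* --- Vulnerable pattern (CWE-77) ---------------------------------------
 * The four CGI parameters are pasted straight into a shell command line.
 * The command is only built here, never executed, so an injected payload
 * is visible in the returned string. The script path is a placeholder. */
int build_ipv6_cmd_unsafe(char *out, size_t outlen,
                          const char *opmode, const char *ipaddr,
                          const char *wanaddr, const char *gwaddr)
{
    int n = snprintf(out, outlen, "/sbin/ipv6_setup.sh %s %s %s %s",
                     opmode, ipaddr, wanaddr, gwaddr);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;   /* a real handler would now call system(out): ';', '|', '`' are live */
}

/* --- Hardened replacement ----------------------------------------------
 * Accept only a literal IPv6 address, optionally followed by /prefix (0-128)
 * when allow_prefix is set. Anything inet_pton() will not parse is rejected,
 * which covers every shell metacharacter. */
int is_valid_ipv6(const char *s, int allow_prefix)
{
    char buf[INET6_ADDRSTRLEN + 4];
    struct in6_addr a;
    size_t len;
    char *slash;

    if (s == NULL) return 0;
    len = strlen(s);
    if (len == 0 || len >= sizeof buf) return 0;
    memcpy(buf, s, len + 1);

    slash = strchr(buf, '/');
    if (slash != NULL) {
        char *end;
        long prefix;
        if (!allow_prefix) return 0;
        *slash = '\0';
        if (!isdigit((unsigned char)slash[1])) return 0;
        prefix = strtol(slash + 1, &end, 10);
        if (*end != '\0' || prefix < 0 || prefix > 128) return 0;
    }
    return inet_pton(AF_INET6, buf, &a) == 1;
}

/* Allow-list for the mode selector (the values are assumed, not WAVLINK's). */
int is_valid_opmode(const char *s)
{
    static const char *const allowed[] = { "disable", "static", "dhcp", "pppoe" };
    size_t i;
    if (s == NULL) return 0;
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(s, allowed[i]) == 0) return 1;
    return 0;
}

/* Validate every field, then fill a NULL-terminated argv for execve() or
 * posix_spawn(). With no shell in the path, a stray ';' would be an ordinary
 * argument byte rather than a command separator. Returns 0 or -1. */
int build_ipv6_argv_safe(const char *opmode, const char *ipaddr,
                         const char *wanaddr, const char *gwaddr,
                         const char *argv[6])
{
    if (!is_valid_opmode(opmode) || !is_valid_ipv6(ipaddr, 1) ||
        !is_valid_ipv6(wanaddr, 1) || !is_valid_ipv6(gwaddr, 0))
        return -1;
    argv[0] = "/sbin/ipv6_setup.sh";   /* placeholder path */
    argv[1] = opmode;
    argv[2] = ipaddr;
    argv[3] = wanaddr;
    argv[4] = gwaddr;
    argv[5] = NULL;
    return 0;
}

int main(void)
{
    char cmd[CMD_MAX];
    const char *argv[6];
    /* Constructed request values: IPv6IPAddr carries a shell payload. */
    const char *bad_ip = "2001:db8::1;touch /tmp/pwned";

    if (build_ipv6_cmd_unsafe(cmd, sizeof cmd, "static", bad_ip,
                              "2001:db8::2", "2001:db8::ff") == 0)
        printf("unsafe command line: %s\n", cmd);

    if (build_ipv6_argv_safe("static", bad_ip, "2001:db8::2", "2001:db8::ff", argv) < 0)
        printf("hardened handler rejected IPv6IPAddr=%s\n", bad_ip);
    if (build_ipv6_argv_safe("static", "2001:db8::1/64", "2001:db8::2", "2001:db8::ff", argv) == 0)
        printf("hardened handler accepted argv[2]=%s\n", argv[2]);
    return 0;
}
```

The validation step matters even though execve() alone removes the shell: a downstream script that re-splices argv into another command line would otherwise reintroduce the injection, so each field is constrained to the only shape the handler should ever accept.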

The references consist of vulnerability database entries and the disclosure document; none contains mitigation guidance or patch details. The EPSS score has stayed at 0.3287 since publication, with no material increase observed.

Vulnerability details

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.008 Network Device CLI (Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
T1202 Indirect Command Execution (Defense Evasion)
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
Why these techniques?

The flaw is a command injection in the router's web CGI (internet.cgi, set_ipv6), which an authenticated remote attacker reaches through the public-facing management application (T1190). A successful injection yields arbitrary command execution on the network device, comparable to abuse of a network device CLI (T1059.008), and the commands run indirectly through the CGI handler rather than through an interactive interpreter (T1202).

Affected Assets

Vendor / Product / Version
WAVLINK / WN530H4 firmware / 20220721
WAVLINK / WN530HG4 firmware / 20220809
WAVLINK / WN572HG3 firmware / 20221028

Mitigating Controls

No vendor patch or vendor-mapped control is available for this CVE. Because exploitation requires authenticated administrative access to the web interface (PR:H in the CVSS vector), the general hardening measures that reduce exposure are keeping the router's management interface off the WAN and using strong, non-default administrator credentials; these are generic controls, not vendor guidance.
