CVE-2024-10429
Published: 27 October 2024
Summary
CVE-2024-10429 is a high-severity Command Injection (CWE-77) vulnerability in WAVLINK WN530H4 firmware (the same flaw is reported for the WN530HG4 and WN572HG3 models). Its CVSS 4.0 base score is 8.6 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 3.0% of CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof of concept is referenced.
Deeper analysis
A command injection vulnerability, classified as critical by the disclosing database, exists in the set_ipv6 function of the internet.cgi file in WAVLINK WN530H4, WN530HG4 and WN572HG3 routers up to firmware version 20221028. The flaw arises from improper neutralization of the IPv6OpMode, IPv6IPAddr, IPv6WANIPAddr and IPv6GWAddr request arguments: their values reach an operating-system command without sanitization, so a crafted value can append commands that execute on the device. It carries a CVSS 4.0 score of 8.6 and is tracked under CWE-77.
An authenticated remote attacker with administrative privileges can exploit the issue over the network to achieve full control over the affected router, including arbitrary command execution with high impact on confidentiality, integrity, and availability. Public exploit code has been disclosed, enabling potential use by threat actors, though no vendor patch or response has been issued despite early notification.
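As an added illustration (not code from this page, from the WAVLINK firmware or from the disclosure), the following C program shows the bug class behind CVE-2024-10429 beside a hardened replacement. The `route` command line, the function names and the sample request value are hypothetical; the point is the technique: splicing an untrusted CGI field such as IPv6GWAddr into a shell string versus parsing it with `inet_pton()` and handing the canonical result to the helper as a single argv element, with no shell in the path.

```c
/* Added illustration, not WAVLINK's firmware code. The command line,
 * function names and field names are hypothetical; the pattern is real. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define CMD_MAX 256
#define ARGV_MAX 8

/* VULNERABLE pattern: a CGI field (think IPv6GWAddr) is spliced verbatim
 * into a shell command line. Returns 0 and fills 'out' with the string that
 * would be passed to system(); it deliberately executes nothing. */
int build_route_cmd_unsafe(const char *gw, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "route -A inet6 add default gw %s", gw);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Strict check: the field must parse as a bare IPv6 literal. inet_pton()
 * rejects shell metacharacters, whitespace and zone suffixes ("%eth0"). */
int is_valid_ipv6(const char *s)
{
    struct in6_addr a;
    return s != NULL && inet_pton(AF_INET6, s, &a) == 1;
}

/* Parse, then re-serialise, so only a canonical textual form reaches the
 * command. Returns 0 on success, -1 if the input is not an IPv6 literal. */
int canonical_ipv6(const char *in, char *out, size_t outlen)
{
    struct in6_addr a;
    if (in == NULL || inet_pton(AF_INET6, in, &a) != 1) return -1;
    return inet_ntop(AF_INET6, &a, out, (socklen_t)outlen) ? 0 : -1;
}

/* HARDENED pattern: validate, then build an argv vector for execve() or
 * posix_spawn() instead of a shell string. With no shell involved, a ';'
 * or '|' in the value can no longer terminate the intended command.
 * Returns argc on success (argv is NULL-terminated), -1 on rejection. */
int build_route_argv_safe(const char *gw, char *gwbuf, size_t gwlen,
                          const char *argv[], size_t argv_max)
{
    if (argv_max < ARGV_MAX || canonical_ipv6(gw, gwbuf, gwlen) != 0)
        return -1;
    argv[0] = "route"; argv[1] = "-A";      argv[2] = "inet6"; argv[3] = "add";
    argv[4] = "default"; argv[5] = "gw";    argv[6] = gwbuf;   argv[7] = NULL;
    return 7;
}

int main(void)
{
    /* Constructed sample request value: a plausible address followed by a
     * shell command separator, the shape an injection attempt takes. */
    const char *tainted = "2001:db8::1;id>/tmp/pwned";
    char cmd[CMD_MAX], gwbuf[INET6_ADDRSTRLEN];
    const char *argv[ARGV_MAX];

    if (build_route_cmd_unsafe(tainted, cmd, sizeof cmd) == 0)
        printf("unsafe would run : %s\n", cmd);      /* injected 'id' survives */
    if (build_route_argv_safe(tainted, gwbuf, sizeof gwbuf, argv, ARGV_MAX) < 0)
        printf("safe rejected    : %s\n", tainted);
    if (build_route_argv_safe("2001:0db8::0001", gwbuf, sizeof gwbuf,
                              argv, ARGV_MAX) > 0)
        printf("safe accepted    : gw=%s\n", argv[6]); /* canonical form */
    return 0;
}
```

The same treatment applies to the other three arguments named in the advisory: IPv6IPAddr and IPv6WANIPAddr are address literals (optionally with a prefix length, which should be parsed and range-checked separately), and IPv6OpMode should be compared against a fixed allow-list of mode strings rather than echoed into a command.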
The provided references consist of vulnerability database entries and a disclosure document but contain no mitigation guidance or patch details. The EPSS score remains flat at 0.3287 with no material increase observed after publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-33111
Vulnerability details
A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s): CWE-77 (Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the router's web CGI (set_ipv6 in internet.cgi) lets an authenticated remote attacker exploit a public-facing application (T1190). The resulting arbitrary command execution on the device is akin to Network Device CLI abuse (T1059.008) and Indirect Command Execution (T1202), since the injected commands run via the CGI's own command invocation rather than through a shell the attacker opens directly.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.