Cyber Resilience

CVE-2024-24301

Tags: High · Public PoC · RCE

Published: 14 February 2024

Modified: 25 March 2025
KEV Added: not listed
Patch: (no entry)
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0358 (88.0th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-24301 is a high-severity command injection (CWE-77) vulnerability in 4ipnet EAP-767 firmware. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Network Device CLI (T1059.008). The CVE ranks in the top 12.0% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

EU & UK References

Vulnerability details

A command injection vulnerability in the web interface of the 4ipnet EAP-767 device v3.42.00 allows attackers with valid credentials to inject arbitrary shell commands that the device executes with root privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1059.008 Network Device CLI (Execution)
  Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
T1190 Exploit Public-Facing Application (Initial Access)
  Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services (Lateral Movement)
  Adversaries may exploit remote services to gain unauthorized access to internal systems once inside a network.
Why these techniques?

Command injection in the internet-exposed web management interface allows authenticated attackers (including via default credentials and session fixation) to execute arbitrary root shell commands, enabling network device CLI abuse, public-facing application exploitation, and remote service exploitation.

Affected Assets

Vendor: 4ipnet
Product: EAP-767 firmware
Version: 3.42.00

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References