CVE-2024-24301
Published: 14 February 2024
Summary
CVE-2024-24301 is a high-severity Command Injection (CWE-77) vulnerability in 4ipnet EAP-767 firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 12.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-21723
Vulnerability details
Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the internet-exposed web management interface allows authenticated attackers (including via default credentials and session fixation) to execute arbitrary root shell commands, enabling network device CLI abuse, public-facing application exploitation, and remote service exploitation.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.