CVE-2024-38897
Published: 24 June 2024
Summary
CVE-2024-38897 is a medium-severity Exposure of Sensitive Information Through Data Queries (CWE-202) vulnerability in Wavlink Wn551K1 Firmware. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device Configuration Dump (T1602.002). The CVE is ranked in the top 45.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37676
Vulnerability details
WAVLINK WN551K1 'live_check.shtml' enables attackers to obtain sensitive router information.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The vulnerability in WAVLINK WN551K1 router's live_check.shtml enables unauthenticated attackers to obtain sensitive router information, directly facilitating T1602.002 (Network Device Configuration Dump) by allowing disclosure of device configuration data.
Affected Assets