CVE-2024-41992
Published: 11 November 2024
Summary
CVE-2024-41992 is a high-severity OS Command Injection (CWE-78) vulnerability in SSD Disclosure (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 3.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-41992 is an OS command injection vulnerability in the Wi-Fi Alliance wfa_dut component of the Wi-Fi Test Suite through version 9.0.0. The flaw stems from unsafe use of the system() library function when processing 802.11x frames, which is categorized under CWE-78. It has been observed on devices such as the Arcadyan FMIMG51AX000J and may affect other implementations that incorporate the same test-suite code.
An attacker on the local network can exploit the issue by sending crafted traffic to TCP port 8000 or 8080, invoking the wfaTGSendPing function and achieving remote code execution as root. The CVSS 3.1 score of 8.8 reflects network adjacency, low attack complexity, and no required credentials or user interaction; on some devices the vector may extend to a WAN interface.
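The weakness class described above, a peer-supplied value reaching system(), and its fix can be shown in a few lines of C. This is an added example, not code from the Wi-Fi Test Suite or the advisories; the function names, the assumption that the injected field is the ping destination, the count bound, and the sample addresses are all hypothetical.

```c
/* Added illustration, not wfa_dut source; all names here are hypothetical. */
#include <arpa/inet.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only a literal IPv4/IPv6 address. inet_pton() fails on shell
 * metacharacters, spaces and trailing bytes, so "192.0.2.1;id" is rejected. */
int dest_is_ip_literal(const char *dest)
{
    unsigned char buf[16]; /* large enough for an IPv6 address */
    if (dest == NULL)
        return 0;
    return inet_pton(AF_INET, dest, buf) == 1 ||
           inet_pton(AF_INET6, dest, buf) == 1;
}

/* Injectable pattern, for contrast only (the shell parses dest):
 *   snprintf(cmd, sizeof cmd, "ping -c %d %s", count, dest); system(cmd);
 *
 * Hardened form: validate, then exec with an argv array so no shell runs.
 * Returns ping's exit status, or -1 when the request is rejected. */
int safe_ping(const char *dest, int count)
{
    char cnt[12];
    int status;
    pid_t pid;
    if (!dest_is_ip_literal(dest) || count < 1 || count > 100)
        return -1;
    snprintf(cnt, sizeof cnt, "%d", count);
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", cnt, (char *)dest, NULL };
        execvp(argv[0], argv);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed input: an address carrying a shell suffix must be refused. */
    return safe_ping("192.0.2.1;id", 1) == -1 ? 0 : 1;
}
```

Validation and shell-free execution are independent layers: either one alone blocks this input, and keeping both means a later change to one does not reopen the path.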
Public advisories and technical details are available at the SSD Disclosure advisory and the CERT Vulnerability Note 123336. The current EPSS score of 0.2792 matches its recorded peak, indicating sustained but not sharply increasing exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-39311
Vulnerability details
Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. On other devices, this may be exploitable over a WAN interface.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.