Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for wn572hg3_firmware by wavlink

    CVE-2024-10429 (GCVE-0-2024-10429)

    Vulnerability from nvd – Published: 2024-10-27 21:00 – Updated: 2024-10-28 14:31
    VLAI
    Title
    WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection
    Summary
    A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281970 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281970 signaturepermissions-required
    https://vuldb.com/?submit.427274 third-party-advisory
    https://docs.google.com/document/d/1ktuys5jr7MKwz… exploit
    Impacted products
    Vendor Product Version
    WAVLINK WN530H4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN530HG4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN572HG3 Affected: 20221028
    Create a notification for this product.
    wavlink wn530h4_firmware Affected: 20221028
        cpe:2.3:o:wavlink:wn530h4_firmware:20221028:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn530hg4_firmware Affected: 20221028
        cpe:2.3:o:wavlink:wn530hg4_firmware:20221028:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn572hg3_firmware Affected: 20221028
        cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Stellar Lab (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn530h4_firmware:20221028:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn530h4_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn530hg4_firmware:20221028:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn530hg4_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn572hg3_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10429",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T14:27:51.907664Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T14:31:32.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WN530H4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN530HG4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN572HG3",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Stellar Lab (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 entdeckt. Es betrifft die Funktion set_ipv6 der Datei internet.cgi. Durch das Manipulieren des Arguments IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-27T21:00:07.693Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281970 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281970"
            },
            {
              "name": "VDB-281970 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281970"
            },
            {
              "name": "Submit #427274 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028  Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427274"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/1ktuys5jr7MKwz503QBbEfxZ5mZbXlbvl/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-26T16:28:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10429",
        "datePublished": "2024-10-27T21:00:07.693Z",
        "dateReserved": "2024-10-26T14:23:38.137Z",
        "dateUpdated": "2024-10-28T14:31:32.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10428 (GCVE-0-2024-10428)

    Vulnerability from nvd – Published: 2024-10-27 20:31 – Updated: 2024-10-28 14:44
    VLAI
    Title
    WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection
    Summary
    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281969 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281969 signaturepermissions-required
    https://vuldb.com/?submit.427272 third-party-advisory
    https://docs.google.com/document/d/11NGSJBOZzbgm_… exploit
    Impacted products
    Vendor Product Version
    WAVLINK WN530H4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN530HG4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN572HG3 Affected: 20221028
    Create a notification for this product.
    wavlink wn572hg3_firmware Affected: 20221028
        cpe:2.3:o:wavlink:wn530h4_firmware:20221028:*:*:*:*:*:*:*
        cpe:2.3:o:wavlink:wn530hg4_firmware:20221028:*:*:*:*:*:*:*
        cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Stellar Lab (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn530h4_firmware:20221028:*:*:*:*:*:*:*",
                  "cpe:2.3:o:wavlink:wn530hg4_firmware:20221028:*:*:*:*:*:*:*",
                  "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn572hg3_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10428",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T14:39:30.488779Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T14:44:44.018Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WN530H4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN530HG4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN572HG3",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Stellar Lab (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion set_ipv6 der Datei firewall.cgi. Mittels Manipulieren des Arguments dhcpGateway mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-27T20:31:05.064Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281969 | WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281969"
            },
            {
              "name": "VDB-281969 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281969"
            },
            {
              "name": "Submit #427272 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028  Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427272"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-26T16:28:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10428",
        "datePublished": "2024-10-27T20:31:05.064Z",
        "dateReserved": "2024-10-26T14:23:36.058Z",
        "dateUpdated": "2024-10-28T14:44:44.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10194 (GCVE-0-2024-10194)

    Vulnerability from nvd – Published: 2024-10-20 08:00 – Updated: 2024-10-21 19:54
    VLAI
    Title
    WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow
    Summary
    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.280968 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.280968 signaturepermissions-required
    https://vuldb.com/?submit.422834 third-party-advisory
    https://docs.google.com/document/d/1PodIMRe1f0Ql8… exploit
    Impacted products
    Vendor Product Version
    WAVLINK WN530H4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN530HG4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN572HG3 Affected: 20221028
    Create a notification for this product.
    wavlink wn530h4 Affected: 20221028
        cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn530hg4 Affected: 20221028
        cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn572hg3 Affected: 20221028
        cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Stellar Lab (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "wn530h4",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "wn530hg4",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "wn572hg3",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10194",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T19:52:45.602669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T19:54:26.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Front-End Authentication Page"
              ],
              "product": "WN530H4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "modules": [
                "Front-End Authentication Page"
              ],
              "product": "WN530HG4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "modules": [
                "Front-End Authentication Page"
              ],
              "product": "WN572HG3",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Stellar Lab (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 ausgemacht. Dabei betrifft es die Funktion Goto_chidx der Datei login.cgi der Komponente Front-End Authentication Page. Mittels Manipulieren des Arguments wlanUrl mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-20T08:00:06.181Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-280968 | WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.280968"
            },
            {
              "name": "VDB-280968 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.280968"
            },
            {
              "name": "Submit #422834 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.422834"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/1PodIMRe1f0Ql83jUXV5VIoc-Xsf9VC1K"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-19T09:41:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10194",
        "datePublished": "2024-10-20T08:00:06.181Z",
        "dateReserved": "2024-10-19T07:36:09.437Z",
        "dateUpdated": "2024-10-21T19:54:26.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10193 (GCVE-0-2024-10193)

    Vulnerability from nvd – Published: 2024-10-20 07:31 – Updated: 2024-10-21 16:16
    VLAI
    Title
    WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection
    Summary
    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.280967 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.280967 signaturepermissions-required
    https://vuldb.com/?submit.422811 third-party-advisory
    https://docs.google.com/document/d/13XWnFITW31u5J… exploit
    Impacted products
    Vendor Product Version
    WAVLINK WN530H4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN530HG4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN572HG3 Affected: 20221028
    Create a notification for this product.
    wavlink wn530h4_firmware Affected: 20220721
        cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn530hg4_firmware Affected: 20220809
        cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn572hg3_firmware Affected: 20221028
        cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Stellar Lab (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn530h4_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20220721"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn530hg4_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20220809"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn572hg3_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10193",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T16:12:54.832624Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T16:16:50.003Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WN530H4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN530HG4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN572HG3",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Stellar Lab (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 gefunden. Dies betrifft die Funktion ping_ddns der Datei internet.cgi. Mittels dem Manipulieren des Arguments DDNS mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-20T07:31:05.305Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-280967 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.280967"
            },
            {
              "name": "VDB-280967 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.280967"
            },
            {
              "name": "Submit #422811 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.422811"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-19T09:41:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10193",
        "datePublished": "2024-10-20T07:31:05.305Z",
        "dateReserved": "2024-10-19T07:36:07.095Z",
        "dateUpdated": "2024-10-21T16:16:50.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10974 (GCVE-0-2020-10974)

    Vulnerability from nvd – Published: 2020-05-07 17:42 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/Nyra"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Roni-Carta/nyra"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-04T20:12:37.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/Nyra"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Roni-Carta/nyra"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10974",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
                },
                {
                  "name": "https://github.com/sudo-jtcsec/Nyra",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/Nyra"
                },
                {
                  "name": "https://github.com/Roni-Carta/nyra",
                  "refsource": "MISC",
                  "url": "https://github.com/Roni-Carta/nyra"
                },
                {
                  "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10974",
        "datePublished": "2020-05-07T17:42:57.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.401Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10972 (GCVE-0-2020-10972)

    Vulnerability from nvd – Published: 2020-05-07 17:51 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/Nyra"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Roni-Carta/nyra"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-04T19:32:54.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/Nyra"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Roni-Carta/nyra"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10972",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972"
                },
                {
                  "name": "https://github.com/sudo-jtcsec/Nyra",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/Nyra"
                },
                {
                  "name": "https://github.com/Roni-Carta/nyra",
                  "refsource": "MISC",
                  "url": "https://github.com/Roni-Carta/nyra"
                },
                {
                  "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10972",
        "datePublished": "2020-05-07T17:51:48.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10429 (GCVE-0-2024-10429)

    Vulnerability from cvelistv5 – Published: 2024-10-27 21:00 – Updated: 2024-10-28 14:31
    VLAI
    Title
    WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection
    Summary
    A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281970 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281970 signaturepermissions-required
    https://vuldb.com/?submit.427274 third-party-advisory
    https://docs.google.com/document/d/1ktuys5jr7MKwz… exploit
    Impacted products
    Vendor Product Version
    WAVLINK WN530H4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN530HG4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN572HG3 Affected: 20221028
    Create a notification for this product.
    wavlink wn530h4_firmware Affected: 20221028
        cpe:2.3:o:wavlink:wn530h4_firmware:20221028:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn530hg4_firmware Affected: 20221028
        cpe:2.3:o:wavlink:wn530hg4_firmware:20221028:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn572hg3_firmware Affected: 20221028
        cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Stellar Lab (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn530h4_firmware:20221028:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn530h4_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn530hg4_firmware:20221028:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn530hg4_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn572hg3_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10429",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T14:27:51.907664Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T14:31:32.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WN530H4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN530HG4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN572HG3",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Stellar Lab (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 entdeckt. Es betrifft die Funktion set_ipv6 der Datei internet.cgi. Durch das Manipulieren des Arguments IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-27T21:00:07.693Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281970 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281970"
            },
            {
              "name": "VDB-281970 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281970"
            },
            {
              "name": "Submit #427274 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028  Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427274"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/1ktuys5jr7MKwz503QBbEfxZ5mZbXlbvl/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-26T16:28:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi set_ipv6 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10429",
        "datePublished": "2024-10-27T21:00:07.693Z",
        "dateReserved": "2024-10-26T14:23:38.137Z",
        "dateUpdated": "2024-10-28T14:31:32.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10428 (GCVE-0-2024-10428)

    Vulnerability from cvelistv5 – Published: 2024-10-27 20:31 – Updated: 2024-10-28 14:44
    VLAI
    Title
    WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection
    Summary
    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281969 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281969 signaturepermissions-required
    https://vuldb.com/?submit.427272 third-party-advisory
    https://docs.google.com/document/d/11NGSJBOZzbgm_… exploit
    Impacted products
    Vendor Product Version
    WAVLINK WN530H4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN530HG4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN572HG3 Affected: 20221028
    Create a notification for this product.
    wavlink wn572hg3_firmware Affected: 20221028
        cpe:2.3:o:wavlink:wn530h4_firmware:20221028:*:*:*:*:*:*:*
        cpe:2.3:o:wavlink:wn530hg4_firmware:20221028:*:*:*:*:*:*:*
        cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Stellar Lab (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn530h4_firmware:20221028:*:*:*:*:*:*:*",
                  "cpe:2.3:o:wavlink:wn530hg4_firmware:20221028:*:*:*:*:*:*:*",
                  "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn572hg3_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10428",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T14:39:30.488779Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T14:44:44.018Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WN530H4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN530HG4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN572HG3",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Stellar Lab (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion set_ipv6 der Datei firewall.cgi. Mittels Manipulieren des Arguments dhcpGateway mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-27T20:31:05.064Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281969 | WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281969"
            },
            {
              "name": "VDB-281969 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281969"
            },
            {
              "name": "Submit #427272 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028  Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427272"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/11NGSJBOZzbgm_qanDno6SyucWyso7Em6/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-26T16:28:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WAVLINK WN530H4/WN530HG4/WN572HG3 firewall.cgi set_ipv6 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10428",
        "datePublished": "2024-10-27T20:31:05.064Z",
        "dateReserved": "2024-10-26T14:23:36.058Z",
        "dateUpdated": "2024-10-28T14:44:44.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10194 (GCVE-0-2024-10194)

    Vulnerability from cvelistv5 – Published: 2024-10-20 08:00 – Updated: 2024-10-21 19:54
    VLAI
    Title
    WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow
    Summary
    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.280968 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.280968 signaturepermissions-required
    https://vuldb.com/?submit.422834 third-party-advisory
    https://docs.google.com/document/d/1PodIMRe1f0Ql8… exploit
    Impacted products
    Vendor Product Version
    WAVLINK WN530H4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN530HG4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN572HG3 Affected: 20221028
    Create a notification for this product.
    wavlink wn530h4 Affected: 20221028
        cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn530hg4 Affected: 20221028
        cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn572hg3 Affected: 20221028
        cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Stellar Lab (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:wavlink:wn530h4:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "wn530h4",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:wavlink:wn530hg4:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "wn530hg4",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:wavlink:wn572hg3:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "wn572hg3",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10194",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T19:52:45.602669Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T19:54:26.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Front-End Authentication Page"
              ],
              "product": "WN530H4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "modules": [
                "Front-End Authentication Page"
              ],
              "product": "WN530HG4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "modules": [
                "Front-End Authentication Page"
              ],
              "product": "WN572HG3",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Stellar Lab (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 ausgemacht. Dabei betrifft es die Funktion Goto_chidx der Datei login.cgi der Komponente Front-End Authentication Page. Mittels Manipulieren des Arguments wlanUrl mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-20T08:00:06.181Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-280968 | WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.280968"
            },
            {
              "name": "VDB-280968 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.280968"
            },
            {
              "name": "Submit #422834 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.422834"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/1PodIMRe1f0Ql83jUXV5VIoc-Xsf9VC1K"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-19T09:41:16.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10194",
        "datePublished": "2024-10-20T08:00:06.181Z",
        "dateReserved": "2024-10-19T07:36:09.437Z",
        "dateUpdated": "2024-10-21T19:54:26.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10193 (GCVE-0-2024-10193)

    Vulnerability from cvelistv5 – Published: 2024-10-20 07:31 – Updated: 2024-10-21 16:16
    VLAI
    Title
    WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection
    Summary
    A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.280967 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.280967 signaturepermissions-required
    https://vuldb.com/?submit.422811 third-party-advisory
    https://docs.google.com/document/d/13XWnFITW31u5J… exploit
    Impacted products
    Vendor Product Version
    WAVLINK WN530H4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN530HG4 Affected: 20221028
    Create a notification for this product.
    WAVLINK WN572HG3 Affected: 20221028
    Create a notification for this product.
    wavlink wn530h4_firmware Affected: 20220721
        cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn530hg4_firmware Affected: 20220809
        cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*
    Create a notification for this product.
    wavlink wn572hg3_firmware Affected: 20221028
        cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Stellar Lab (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn530h4_firmware:20220721:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn530h4_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20220721"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn530hg4_firmware:20220809:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn530hg4_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20220809"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:wavlink:wn572hg3_firmware:20221028:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wn572hg3_firmware",
                "vendor": "wavlink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20221028"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10193",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T16:12:54.832624Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T16:16:50.003Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WN530H4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN530HG4",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            },
            {
              "product": "WN572HG3",
              "vendor": "WAVLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20221028"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Stellar Lab (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function ping_ddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in WAVLINK WN530H4, WN530HG4 and WN572HG3 bis 20221028 gefunden. Dies betrifft die Funktion ping_ddns der Datei internet.cgi. Mittels dem Manipulieren des Arguments DDNS mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-20T07:31:05.305Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-280967 | WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.280967"
            },
            {
              "name": "VDB-280967 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.280967"
            },
            {
              "name": "Submit #422811 | wavlink WN530H4,WN530HG4,WN572HG3 WN530H4-WAVLINK_20220721,WN530HG4-WAVLINK_20220809,WN572HG3-WAVLINK_WO_20221028 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.422811"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://docs.google.com/document/d/13XWnFITW31u5J8HeQj8Zm-7oLt-M1DtQ/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-19T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-19T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-19T09:41:15.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "WAVLINK WN530H4/WN530HG4/WN572HG3 internet.cgi ping_ddns command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10193",
        "datePublished": "2024-10-20T07:31:05.305Z",
        "dateReserved": "2024-10-19T07:36:07.095Z",
        "dateUpdated": "2024-10-21T16:16:50.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10972 (GCVE-0-2020-10972)

    Vulnerability from cvelistv5 – Published: 2020-05-07 17:51 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/Nyra"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Roni-Carta/nyra"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-04T19:32:54.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/Nyra"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Roni-Carta/nyra"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10972",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972"
                },
                {
                  "name": "https://github.com/sudo-jtcsec/Nyra",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/Nyra"
                },
                {
                  "name": "https://github.com/Roni-Carta/nyra",
                  "refsource": "MISC",
                  "url": "https://github.com/Roni-Carta/nyra"
                },
                {
                  "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10972-affected_devices"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10972",
        "datePublished": "2020-05-07T17:51:48.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10974 (GCVE-0-2020-10974)

    Vulnerability from cvelistv5 – Published: 2020-05-07 17:42 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/Nyra"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Roni-Carta/nyra"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-04T20:12:37.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/Nyra"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Roni-Carta/nyra"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10974",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974"
                },
                {
                  "name": "https://github.com/sudo-jtcsec/Nyra",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/Nyra"
                },
                {
                  "name": "https://github.com/Roni-Carta/nyra",
                  "refsource": "MISC",
                  "url": "https://github.com/Roni-Carta/nyra"
                },
                {
                  "name": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices",
                  "refsource": "MISC",
                  "url": "https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10974-affected_devices"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10974",
        "datePublished": "2020-05-07T17:42:57.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.401Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }