CVE-2024-10429 in WN530H4info

Summary

by MITRE • 10/27/2024

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 11/14/2024

This critical vulnerability exists in WAVLINK wireless routers including models WN530H4, WN530HG4, and WN572HG3 with firmware versions up to 20221028. The flaw resides in the internet.cgi script within the set_ipv6 function, which processes IPv6 configuration parameters including IPv6OpMode, IPv6IPAddr, IPv6WANIPAddr, and IPv6GWAddr. The vulnerability represents a command injection flaw that allows remote attackers to execute arbitrary commands on the affected devices through manipulation of these IPv6 parameters. This represents a severe security weakness that directly violates the principle of input validation and sanitization as outlined in CWE-77 and CWE-94, which are fundamental to preventing command injection attacks.

The technical implementation of this vulnerability enables attackers to remotely exploit the device by sending specially crafted HTTP requests to the internet.cgi endpoint. When the affected parameters are processed, the system fails to properly sanitize user input, allowing malicious commands to be executed within the context of the router's operating system. This creates a significant risk of unauthorized access, data compromise, and potential network infiltration. The vulnerability's remote exploitability means that attackers do not require physical access or local network presence to initiate the attack, making it particularly dangerous in enterprise and residential networking environments. This aligns with ATT&CK technique T1059.001 for command and scripting interpreter, specifically focusing on the execution of commands through web interfaces.

The operational impact of this vulnerability extends beyond simple remote code execution, as it provides attackers with complete control over the affected router's functionality. Once exploited, adversaries can modify network configurations, redirect traffic, establish backdoors, or use the device as a pivot point for attacking other systems within the local network. The lack of vendor response after early disclosure indicates a potential gap in the security update process, leaving users exposed to a known vulnerability for an extended period. This situation creates a dangerous environment where the router becomes a potential entry point for broader network attacks, as documented in various security frameworks that emphasize the importance of timely patch management and vendor communication. Organizations should immediately implement network segmentation and monitoring to detect potential exploitation attempts, while also preparing for the possibility of firmware updates or device replacement to address this critical vulnerability effectively.

Responsible

VulDB

Disclosure

10/27/2024

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.17215

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!