Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.
References
Link | Resource |
---|---|
https://github.com/yckuo-sdc/PoC | Exploit Mitigation Third Party Advisory |
https://github.com/yckuo-sdc/PoC | Exploit Mitigation Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
25 Mar 2025, 15:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/yckuo-sdc/PoC - Exploit, Mitigation, Third Party Advisory | |
CPE | cpe:2.3:o:4ipnet:eap-767_firmware:3.42.00:*:*:*:*:*:*:* cpe:2.3:h:4ipnet:eap-767:*:*:*:*:*:*:*:* |
|
First Time |
4ipnet eap-767 Firmware
4ipnet 4ipnet eap-767 |
21 Nov 2024, 08:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/yckuo-sdc/PoC - |
27 Aug 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-77 | |
Summary |
|
14 Feb 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-14 23:15
Updated : 2025-03-25 15:18
NVD link : CVE-2024-24301
Mitre link : CVE-2024-24301
CVE.ORG link : CVE-2024-24301
JSON object : View
Products Affected
4ipnet
- eap-767_firmware
- eap-767
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')