CVE-2024-4999

A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.
CVSS

No CVSS.

Configurations

No configuration.

History

21 Nov 2024, 09:44

Type Values Removed Values Added
References () https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/ - () https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices/ -
Summary
  • (es) Una vulnerabilidad en la interfaz de administración basada en web de múltiples dispositivos Ligowave podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios con privilegios elevados. Este problema afecta a UNITY: hasta 6.95-2; PRO: hasta 6.95-1.Rt3883; MIMO: hasta 6.95-1.Rt2880; APC Propeller: hasta 2-5.95-4.Rt3352.

16 May 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-16 13:15

Updated : 2024-11-21 09:44


NVD link : CVE-2024-4999

Mitre link : CVE-2024-4999

CVE.ORG link : CVE-2024-4999


JSON object : View

Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')