CVE-2024-22366

CVSS 6.8 MEDIUMEPSS 0.3%CWE-78

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier.

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Yamaha Corporation · WLX202 Yamaha Corporation · WLX212 Yamaha Corporation · WLX222 Yamaha Corporation · WLX313 Yamaha Corporation · WLX413

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/vu/JVNVU99896362/http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU99896362.html