← volver
CVE-2024-3659

Command injection in KAON AR2140 routers

CVSS 10 CRITICALEPSS 1.6%CWE-77CWE-78
Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
KAON Group · AR2140

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cert.pl/en/posts/2024/08/CVE-2024-3659https://cert.pl/posts/2024/08/CVE-2024-3659