Crafted Shell Command Injection Vulnerability Affects KAON AR2140 Routers
CVE-2024-3659

10CRITICAL

Key Information:

Vendor: Kaon Group
Status: Ar2140
Vendor: CVE Published:; 8 August 2024

What is CVE-2024-3659?

The KAON AR2140 routers are affected by a vulnerability in their firmware versions prior to 4.2.16, which allows for shell command injection. This vulnerability arises when a malicious actor sends a specially crafted request to one of the router's endpoints, particularly targeting the administrative portal. Exploiting this vulnerability could allow unauthorized access and control over the affected device, potentially leading to further network compromise. Proper security measures and prompt firmware updates are essential to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AR2140 3.0.0 < 3.2.50

AR2140 4.0.0 < 4.2.16

References

https://cert.pl/en/posts/2024/08/CVE-2024-3659

third-party-advisory

https://cert.pl/posts/2024/08/CVE-2024-3659

third-party-advisory

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Aug 8, 2024
Vulnerability Reserved
Apr 11, 2024

Credit

Arkadiusz Maruszczak

JSON

Kaon Group

What is CVE-2024-3659?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.