Command Injection Vulnerability in WAVLINK WN551K1 Device
CVE-2024-38896

Currently unrated

Key Information:

Vendor: WAVLINK
Status: Wn551k1 Firmware
Vendor: CVE Published:; 24 June 2024

What is CVE-2024-38896?

A command injection vulnerability exists in the WAVLINK WN551K1 device, specifically within the start_hour parameter of the /cgi-bin/nightled.cgi script. This vulnerability enables an attacker to inject arbitrary commands, potentially leading to unauthorized access and control over the affected device. Proper input validation and sanitization measures are essential to mitigate this type of security risk. Users of the WAVLINK WN551K1 should apply relevant patches and review their device configurations to enhance security and prevent exploitation.

References

https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main...

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2024
Vulnerability Reserved
Jun 21, 2024