Wi-Fi Dut tested vulnerable to OS command injection via 802.11x frames
CVE-2024-41992

Currently unrated

Key Information:

Vendor

Wi-Fi Alliance

Vendor
CVE Published:
11 November 2024

Badges

đź“° News Worthy

What is CVE-2024-41992?

Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. On other devices, this may be exploitable over a WAN interface.

News Articles

favicon imageCyberSecurityNews

Wi-Fi Test Suite Command Injection Vulnerability Found in Arcadyan Routers

A serious security vulnerability has been uncovered in Arcadyan routers, stemming from the unexpected presence of Wi-Fi Alliance’s testing software in production devices. Security researchers have identified a command injection flaw (CVE-2024-41992) that could allow attackers to gain complete contro...

favicon imageThe Hacker News

Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite

Local attackers can exploit a vulnerability in the Wi-Fi Test Suite to gain root access.

References

https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51a...

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • đź“°

    First article discovered by The Hacker News

  • Vulnerability Reserved

.