Command Injection Vulnerability in Comtrend Router Affects GRG-4280us Version
CVE-2024-5785

8HIGH

Key Information:

Vendor: Comtrend
Status: Comtrend Wld71-t1 V2.0.201820
Vendor: CVE Published:; 10 June 2024

What is CVE-2024-5785?

A command injection vulnerability has been identified in specific Comtrend router models, notably the WLD71-T1 and GRG-4280us. This flaw allows an authenticated user to execute arbitrary commands within the router’s operating system. The exploitation is facilitated via a crafted POST request targeting the administrative interface at ‘/boaform/admin/formUserTracert’. Such unauthorized execution of commands poses significant threats to network integrity and user security, warranting immediate attention and remediation.

Affected Version(s)

Comtrend WLD71-T1_v2.0.201820 GRG-4280us

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2024
Vulnerability Reserved
Jun 10, 2024

Credit

Gabriel Gonzalez García