VDB
CVE-2024-41992
CVE-2024-41992
PUBLISHED
CVSS 8.800000190734863 HIGH
Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. On other devices, this may be exploitable over a WAN interface.
EPSS 27.92% · 96.6th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
27.92%
96.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wi-fi-test_suite | wi-fi-test_suite | 0 |
| n/a | n/a | n/a |
Timeline
- Nov 11, 2024 CVE Published
- Nov 11, 2024 EPSS Score
- Nov 11, 2024 Coalition ESS Score
- Nov 11, 2024 PoC Published
- Nov 12, 2024 Coalition ESS Score
- Nov 12, 2024 Coalition ESS Score
- Nov 12, 2024 CVE Updated
- Dec 17, 2024 EPSS Score
- Jan 4, 2025 EPSS Score
- Feb 9, 2025 EPSS Score
- Feb 26, 2025 EPSS Score
- Mar 17, 2025 EPSS Score