VDB

CVE-2024-41992

CVE-2024-41992 PUBLISHED CVSS 8.800000190734863 HIGH

Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. On other devices, this may be exploitable over a WAN interface.

EPSS 27.92% · 96.6th percentile

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
27.92%
96.6th percentile

Affected Products

VendorProductVersions
wi-fi-test_suitewi-fi-test_suite0
n/an/an/a

Timeline

  • Nov 11, 2024 CVE Published
  • Nov 11, 2024 EPSS Score
  • Nov 11, 2024 Coalition ESS Score
  • Nov 11, 2024 PoC Published
  • Nov 12, 2024 Coalition ESS Score
  • Nov 12, 2024 Coalition ESS Score
  • Nov 12, 2024 CVE Updated
  • Dec 17, 2024 EPSS Score
  • Jan 4, 2025 EPSS Score
  • Feb 9, 2025 EPSS Score
  • Feb 26, 2025 EPSS Score
  • Mar 17, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›