CVE-2023-3380
Summary
| CVE | CVE-2023-3380 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-23 10:15:00 UTC |
| Updated | 2023-11-07 04:18:00 UTC |
| Description | A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
Risk And Classification
Problem Types: CWE-74
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Wavlink | Wn579x3 | - | All | All | All |
| Operating System | Wavlink | Wn579x3 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2023-3380: Wavlink WN579X3 Ping Test adm.cgi injection | MISC | vuldb.com | |
| Login required | MISC | vuldb.com | |
| vul_report/WAVLINK/WAVLINK-WN579X3-RCE.md at main · sleepyvv/vul_report · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.