CVE-2024-24301

Severity CVSS v4.0:
Pending analysis
Type:
CWE-77 Command Injection
Publication date:
14/02/2024
Last modified:
25/03/2025

Description

Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:4ipnet:eap-767_firmware:3.42.00:*:*:*:*:*:*:*
cpe:2.3:h:4ipnet:eap-767:*:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools