CVE-2024-4999
Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection
Severity Score
9.4
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remoteĀ attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.
*Credits:
Quentin Kaiser from ONEKEY Research Labs
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-16 CVE Reserved
- 2024-05-16 CVE Published
- 2024-05-17 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
- CAPEC-88: OS Command Injection
References (1)
| URL | Tag | Source |
|---|---|---|
| https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ligowave Search vendor "Ligowave" | UNITY Search vendor "Ligowave" for product "UNITY" | <= 6.95-2 Search vendor "Ligowave" for product "UNITY" and version " <= 6.95-2" | en |
Affected
| ||||||
| Ligowave Search vendor "Ligowave" | PRO Search vendor "Ligowave" for product "PRO" | <= 6.95-1.rt3883 Search vendor "Ligowave" for product "PRO" and version " <= 6.95-1.rt3883" | en |
Affected
| ||||||
| Ligowave Search vendor "Ligowave" | MIMO Search vendor "Ligowave" for product "MIMO" | <= 6.95-1.rt2880 Search vendor "Ligowave" for product "MIMO" and version " <= 6.95-1.rt2880" | en |
Affected
| ||||||
| Ligowave Search vendor "Ligowave" | APC Propeller Search vendor "Ligowave" for product "APC Propeller" | <= 2-5.95-4.rt3352 Search vendor "Ligowave" for product "APC Propeller" and version " <= 2-5.95-4.rt3352" | en |
Affected
| ||||||