Vulnerability Details : CVE-2023-3380
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Products affected by CVE-2023-3380
- cpe:2.3:o:wavlink:wn579x3_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3380
13.98%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3380
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:L/Au:M/C:P/I:P/A:P |
6.4
|
6.4
|
VulDB | |
4.7
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
1.2
|
3.4
|
VulDB | |
4.7
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
1.2
|
3.4
|
VulDB | 2024-02-29 |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2023-3380
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by:
- cna@vuldb.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-3380
-
https://github.com/sleepyvv/vul_report/blob/main/WAVLINK/WAVLINK-WN579X3-RCE.md
vul_report/WAVLINK/WAVLINK-WN579X3-RCE.md at main · sleepyvv/vul_report · GitHubExploit;Third Party Advisory
-
https://vuldb.com/?id.232236
CVE-2023-3380: Wavlink WN579X3 Ping Test adm.cgi injectionThird Party Advisory
-
https://vuldb.com/?ctiid.232236
CVE-2023-3380: Wavlink WN579X3 Ping Test adm.cgi injectionPermissions Required;Third Party Advisory
Jump to