CVE-2024-3659 CRITICAL

CVE-2024-3659: Command injection in KAON AR2140 routers

Vendor Kaon Group

Product AR2140

Weakness CWE-78

Published August 8, 2024

Last update November 17, 2025

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router.

Key dates

02Disclosure timeline

August 8, 2024 CVE published

November 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3659

Related vulnerabilities

Identifiers

CVE CVE-2024-3659

CWE CWE-78

CVSS 10.0 / CRITICAL

Affected versions

Vendor Kaon Group

Product AR2140

Affected ≥ 3.0.0 and < 3.2.50

Vendor Kaon Group

Product AR2140

Affected ≥ 4.0.0 and < 4.2.16

CVE-2024-3659: Command injection in KAON AR2140 routers

01Description

02Disclosure timeline

03References

04Related CVE