CVE-2024-45827 HIGH

CVE-2024-45827

Vendor Softbank Corp.

Product Mesh Wi-Fi router RP562B

Weakness CWE-78

Published November 12, 2024

Last update November 12, 2024

View on NVD All CVEs

CVSS base score

8.0/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may execute an arbitrary OS command.

Key dates

02Disclosure timeline

November 12, 2024 CVE published

November 12, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-45827

Related vulnerabilities

04Related CVE

CVE-2023-53948 Lilac-Reloaded for Nagios 2.0.8 Remote Code Execution via Autodiscovery CVE-2026-9405 Totolink A8000RU Web Management cstecgi.cgi setGameSpeedCfg os command injection CVE-2025-34227 Nagios XI < 2026R1 Configuration Wizard Authenticated Command Injection CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates CVE-2025-15502 Sangfor Operation and Maintenance Management System session SessionController os command injection

Identifiers

CVE CVE-2024-45827

CWE CWE-78

CVSS 8.0 / HIGH

Affected versions

Vendor Softbank Corp.

Product Mesh Wi-Fi router RP562B

Affected firmware version v1.0.2 and earlier