CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-5411

Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.234

EPSS Ranking 97.5%

CVSS Severity

CVSS v3 Score 8.8

References

http://seclists.org/fulldisclosure/2024/May/36
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/
http://seclists.org/fulldisclosure/2024/May/36
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/

Products affected by CVE-2024-5411

Oringnet » Iap-420 » Version: N/A

cpe:2.3:h:oringnet:iap-420:-
Oringnet » Iap-420 Firmware » Version: 2.01e

cpe:2.3:o:oringnet:iap-420_firmware:2.01e
Oringnet » Iap-420 Firmware » Version: 2.0m

cpe:2.3:o:oringnet:iap-420_firmware:2.0m

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-5411

Products

Pricing

Contact Us