RCE in N/a

CVE-2024-41992

Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote cod…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.025 (83.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • N/a — versions n/a

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-41992?
CVE-2024-41992 is a high-severity vulnerability in N/a, classified under OS Command Injection. CVSS score: 8.8/10. Published 2024-11-11.
How severe is CVE-2024-41992?
High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2024-41992 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.