RCE in Ligowave Apc Propeller

CVE-2024-4999

A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.122 (95.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-4999?
CVE-2024-4999 is a vulnerability in Ligowave Apc Propeller, classified under Command Injection. Published 2024-05-16.
Is CVE-2024-4999 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.