RCE in Ligowave Apc Propeller
CVE-2024-4999
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.This issue affects UNITY: through 6.95-2; PRO: through 6…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.122 (95.6th percentile) — read the EPSS interpretation.
Affected products
- Ligowave Apc Propeller — versions 0
- Ligowave Mimo — versions 0
- Ligowave Pro — versions 0
- Ligowave Unity — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- research@onekey.com (third-party-advisory)
Frequently asked questions
- What is CVE-2024-4999?
- CVE-2024-4999 is a vulnerability in Ligowave Apc Propeller, classified under Command Injection. Published 2024-05-16.
- Is CVE-2024-4999 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.