All the vulnerabilites related to Yamaha Corporation - WLX413
cve-2024-22366
Vulnerability from cvelistv5
Published
2024-01-24 04:35
Modified
2024-08-01 22:43
Severity ?
EPSS score ?
Summary
Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Yamaha Corporation | WLX222 |
Version: firmware Rev.24.00.03 and earlier |
||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:43:34.585Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU99896362.html" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU99896362/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WLX222", "vendor": "Yamaha Corporation", "versions": [ { "status": "affected", "version": "firmware Rev.24.00.03 and earlier" } ] }, { "product": "WLX413", "vendor": "Yamaha Corporation", "versions": [ { "status": "affected", "version": "firmware Rev.22.00.05 and earlier" } ] }, { "product": "WLX212", "vendor": "Yamaha Corporation", "versions": [ { "status": "affected", "version": "firmware Rev.21.00.12 and earlier" } ] }, { "product": "WLX313", "vendor": "Yamaha Corporation", "versions": [ { "status": "affected", "version": "firmware Rev.18.00.12 and earlier" } ] }, { "product": "WLX202", "vendor": "Yamaha Corporation", "versions": [ { "status": "affected", "version": "firmware Rev.16.00.18 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device\u0027s management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier." } ], "problemTypes": [ { "descriptions": [ { "description": "Active debug code", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-24T04:35:55.337Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU99896362.html" }, { "url": "https://jvn.jp/en/vu/JVNVU99896362/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-22366", "datePublished": "2024-01-24T04:35:55.337Z", "dateReserved": "2024-01-09T07:04:26.494Z", "dateUpdated": "2024-08-01T22:43:34.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }