CVE-2024-30220

Summary

Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided.

Affected Software

VendorProductVersion RangeStatus
PLANEX COMMUNICATIONS INC.MZK-MF300Nall firmware versionsaffected
PLANEX COMMUNICATIONS INC.MZK-MF300HP2firmware versions 1.18 and earlieraffected

Weaknesses

  • CWE-77: Improper neutralization of special elements used in a command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References