Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.
Metrics
Affected Vendors & Products
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 29 Oct 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Oringnet iap-420
|
|
| CPEs | cpe:2.3:h:oringnet:iap-420:-:*:*:*:*:*:*:* cpe:2.3:o:oringnet:iap-420_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Oringnet iap-420
|
|
| Metrics |
cvssV3_1
|
Wed, 08 Oct 2025 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-77 |
Wed, 08 Oct 2025 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-78 |
Status: PUBLISHED
Assigner: CyberDanube
Published:
Updated: 2025-10-08T09:14:56.574Z
Reserved: 2024-05-27T08:38:01.961Z
Link: CVE-2024-5411
Updated: 2024-08-01T21:11:12.706Z
Status : Analyzed
Published: 2024-05-28T11:15:10.520
Modified: 2025-10-29T14:00:58.790
Link: CVE-2024-5411
No data.
OpenCVE Enrichment
No data.