Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 29 Oct 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Oringnet iap-420
CPEs cpe:2.3:h:oringnet:iap-420:-:*:*:*:*:*:*:*
cpe:2.3:o:oringnet:iap-420_firmware:*:*:*:*:*:*:*:*
Vendors & Products Oringnet iap-420
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 08 Oct 2025 10:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77

Wed, 08 Oct 2025 09:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78

cve-icon MITRE

Status: PUBLISHED

Assigner: CyberDanube

Published:

Updated: 2025-10-08T09:14:56.574Z

Reserved: 2024-05-27T08:38:01.961Z

Link: CVE-2024-5411

cve-icon Vulnrichment

Updated: 2024-08-01T21:11:12.706Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-28T11:15:10.520

Modified: 2025-10-29T14:00:58.790

Link: CVE-2024-5411

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.