CVE-2024-57238

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Feb 3, 2025
Updated: Feb 12, 2025
CWE ID 89

Summary

CVE-2024-57238 is a newly identified SQL injection vulnerability affecting the Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05. The flaw is in the /reqproc/proc_get endpoint, which lets an attacker inject SQL code through the order_by parameter. An attacker can thereby manipulate SQL queries and potentially access sensitive data or execute unauthorized commands on the affected system. The risk is significant, particularly in environments where the device is exposed to untrusted networks or users. To mitigate it, users are advised to upgrade to the latest firmware version as soon as it becomes available.
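The following is an added example, not code from the vendor or from this advisory. It shows the usual defense for a sort parameter such as order_by: SQL placeholders bind values, not column names, so the value has to be mapped through an allow-list before it reaches the query. The table, the column names and the function names are assumptions, because the advisory does not describe the device's backend.

```python
import sqlite3

# Hypothetical sortable columns; the advisory does not list the real ones.
SORTABLE = {"name": "name", "signal": "signal", "last_seen": "last_seen"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_clause(order_by, default="name"):
    """Map an untrusted order_by value to a fixed ORDER BY clause.

    Accepts 'column' or 'column direction'; anything else raises ValueError.
    Only strings taken from the allow-list dictionaries reach the SQL text.
    """
    parts = (order_by or default).strip().lower().split()
    if not 1 <= len(parts) <= 2:
        raise ValueError("order_by must be 'column' or 'column direction'")
    column = SORTABLE.get(parts[0])
    direction = DIRECTIONS.get(parts[1] if len(parts) == 2 else "asc")
    if column is None or direction is None:
        raise ValueError("order_by value is not in the allow-list")
    return f"ORDER BY {column} {direction}"


def list_clients(conn, order_by=None):
    """Return client names sorted by a validated order_by value."""
    clause = build_order_clause(order_by)
    return [row[0] for row in conn.execute(f"SELECT name FROM clients {clause}")]


def make_db():
    """Build a constructed in-memory table used only for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clients (name TEXT, signal INTEGER, last_seen TEXT)")
    conn.executemany(
        "INSERT INTO clients VALUES (?, ?, ?)",
        [("laptop", -60, "2025-02-01"),
         ("phone", -45, "2025-02-03"),
         ("tv", -70, "2025-01-30")],
    )
    return conn


if __name__ == "__main__":
    db = make_db()
    print(list_clients(db, "signal desc"))
    try:
        list_clients(db, "name, (SELECT 1)")  # constructed malformed input
    except ValueError as exc:
        print("rejected:", exc)
```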
