CVE-2024-8997

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-8997
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: before V3.187, V4.53.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.usom.gov.tr/bildirim/tr-25-0070 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:vestel:evc04_configuration_interface:*:*:*:*:*:*:*:*
History

27 Jun 2025, 10:15

Type Values Removed Values Added
References () https://www.usom.gov.tr/bildirim/tr-25-0070 - () https://www.usom.gov.tr/bildirim/tr-25-0070 - Third Party Advisory
CPE cpe:2.3:a:vestel:evc04_configuration_interface:*:*:*:*:*:*:*:*
First Time Vestel
Vestel evc04 Configuration Interface
Summary
  • (es) La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en Vestel EVC04 Configuration Interface permite la inyección SQL. Este problema afecta a la interfaz de configuración de EVC04: hasta el 18.03.2025.
Summary (en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: through 18.03.2025. (en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection.This issue affects EVC04 Configuration Interface: before V3.187, V4.53.

18 Mar 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-18 14:15

Updated : 2025-06-27 10:15

NVD link : CVE-2024-8997

Mitre link : CVE-2024-8997

CVE.ORG link : CVE-2024-8997

JSON object : View

Products Affected

vestel

  • evc04_configuration_interface
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')