CVE-2024-54006

HIGH EXPLOITED

501 Wireless Client Bridge - Command Injection

Title source: llm

Exploitation Summary

CVE-2024-54006 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04763en_us&docLocale=en_US

Scores

CVSS v3 7.2

EPSS 0.0155

EPSS Percentile 71.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2025-11-07

CWE

CWE-77

Status published

Products (1)

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking 501 Wireless Client Bridge V2.0.0.0 - V2.1.1.0-B0030

Published Jan 07, 2025

Tracked Since Feb 18, 2026