CVE-2024-8073

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.

Published: Aug 26, 2024
Updated: May 4, 2025
CVE: CVE-2024-8073
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-77

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
hillstonenet / web_application_firewall	5.5r6-2.8.13	5.5r6-2.8.13.x
hillstonenet / web_application_firewall	5.5r6-2.6.7	5.5r6-2.6.7.x

https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/

Vulnerability Database

289,689

CVE-2024-8073