GHSA-5wp9-987m-q7mf · Severity: unknown — An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary...
An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The wan_hostname configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.
Conclusion & alert: CVE-2026-24697 is rated Risk Under Review. Mandatory action: Scoring and exploitation signals are still pending—keep following this page for CVSS or EPSS updates, then reassess remediation priority once scores appear.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
EPSS has not published a score for this CVE yet—common while NVD analysis or FIRST scoring is still pending. Monitor daily updates and reassess once scores appear.
CVSS metrics for this CVE.
No CVSS data in dataset for this CVE.
GHSA-5wp9-987m-q7mf · Severity: unknown — An OS command injection vulnerability exists in the start_bonjour() function of the "rc" binary...
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| No affected products in dataset. | |||