CVE-2024-8997

CRITICAL 9.8

SQLi in Vestel's EVC04 Configuration Interface

CVSS Score

9.8

EPSS Score

0.1%

EPSS Percentile

34th

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuration Interface: before V3.187, V4.53.

CWE	CWE-89
Vendor	vestel
Product	evc04 configuration interface
Published	Mar 18, 2025
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for vestel evc04 configuration interface

Be the first to know when new critical vulnerabilities affecting vestel evc04 configuration interface are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Vestel / EVC04 Configuration Interface

0 < V3.187, V4.53

References

NVD ↗ CVE.org ↗ EPSS Data ↗

usom.gov.tr: https://www.usom.gov.tr/bildirim/tr-25-0070 siberguvenlik.gov.tr: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0070

Credits

Omer Fatih YEGIN