CVE-2024-30220

8.8 HIGH

📋 TL;DR

A command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows attackers on the same network to execute arbitrary commands without authentication by sending malicious requests to a specific port. This affects MZK-MF300N routers and potentially other models, but the MZK-MF300N is no longer supported and won't receive updates.

💻 Affected Systems

Products:
  • PLANEX COMMUNICATIONS MZK-MF300N wireless LAN router
Versions: All versions (product end-of-life)
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: MZK-MF300N is no longer supported. Other PLANEX models may be affected, but this is not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise, allowing an attacker to install persistent backdoors, pivot to other network devices, steal credentials, or launch attacks against internal systems.

🟠 Likely Case

Router takeover leading to network traffic interception, DNS hijacking, credential theft, and deployment of malware to connected devices.

🟢 If Mitigated

Limited impact if network segmentation isolates routers and strict firewall rules block unauthorized access to the vulnerable port.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires network adjacency but no authentication. Exploit details not publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://jvn.jp/en/vu/JVNVU91975826/

Restart Required: No

Instructions:

No official patch available. Replace affected devices with supported models.

🔧 Temporary Workarounds

  • Block vulnerable port with firewall: Configure network firewall to block access to the vulnerable port from untrusted networks
  • Network segmentation: Isolate affected routers in separate VLANs with strict access controls

🧯 If You Can't Patch

  • Replace affected routers with supported models immediately
  • Implement strict network segmentation to limit attack surface

🔍 How to Verify

Check if Vulnerable:

Check device model and firmware version. If MZK-MF300N, assume vulnerable.

Check Version:

Check router web interface or console for model and firmware information

Verify Fix Applied:

Verify device has been replaced with supported model or isolated from network.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in router logs
  • Unexpected configuration changes
  • Failed authentication attempts on management interface

Network Indicators:

  • Unusual traffic to router management port from internal hosts
  • Suspicious outbound connections from router

SIEM Query:

source_ip IN (internal_network) AND dest_port = [vulnerable_port] AND protocol = TCP
