CVE-2024-8997 – This SQL injection vulnerability in Vestel EVC0... (How to Fix)

Q: What is the severity of CVE-2024-8997?

CVE-2024-8997 has a CVSS score of 9.8 (CRITICAL). This SQL injection vulnerability in Vestel EVC04 Configuration Interface allows attackers to execute arbitrary SQL commands through the web interface. It affects all systems running EVC04 Configuration Interface versions before V3.187 and V4.53, potentially compromising the entire device configuration.

📋 TL;DR

This SQL injection vulnerability in Vestel EVC04 Configuration Interface allows attackers to execute arbitrary SQL commands through the web interface. It affects all systems running EVC04 Configuration Interface versions before V3.187 and V4.53, potentially compromising the entire device configuration.

💻 Affected Systems

Products:

Vestel EVC04 Configuration Interface

Versions: All versions before V3.187 and V4.53

Operating Systems: Embedded systems running Vestel firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web-based configuration interface of EVC04 devices

📦 What is this software?

Evc04 Configuration Interface by Vestel

View all CVEs affecting Evc04 Configuration Interface →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover, configuration modification, credential theft, and potential lateral movement to connected systems.

🟠

Likely Case

Unauthorized access to configuration data, modification of device settings, and potential denial of service.

🟢

If Mitigated

Limited impact if proper network segmentation and input validation are implemented.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity, especially in web interfaces

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V3.187 or V4.53

Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-25-0070

Restart Required: Yes

Instructions:

1. Download the latest firmware from Vestel. 2. Backup current configuration. 3. Apply firmware update. 4. Restart the device. 5. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to the configuration interface to trusted networks only

Web Application Firewall

all

Deploy a WAF with SQL injection protection rules

🧯 If You Can't Patch

Isolate the device on a separate VLAN with strict access controls
Disable the web interface if not required and use alternative management methods

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the web interface or via SSH if available

Check Version:

Check via web interface at /status or similar endpoint

Verify Fix Applied:

Verify the firmware version shows V3.187 or V4.53 or higher

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in application logs
Multiple failed login attempts with SQL syntax

Network Indicators:

HTTP requests containing SQL keywords to configuration endpoints
Unusual traffic patterns to the configuration interface

SIEM Query:

source="web_logs" AND (url="*/config*" OR url="*/admin*") AND (query CONTAINS "UNION" OR query CONTAINS "SELECT *" OR query CONTAINS "DROP TABLE")

📊 Metadata

CVE ID: CVE-2024-8997

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

EPSS Score: 0.1% exploit probability (28.4th percentile)

Published: March 18, 2025

Last Updated: June 27, 2025

🔗 References

https://www.usom.gov.tr/bildirim/tr-25-0070 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-8997, you might also want to check these: