CVE-2024-9977

EPSS 14.52%
Veröffentlicht 15.10.2024 13:15:11
Zuletzt bearbeitet 16.10.2024 16:38:43
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellermitrastar

≫

Produkt gpt-2541gnac

Default Statusunknown

Version BR_g5.6_1.11(WVK.0)b26

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.52%	0.942

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4.7	1.2	3.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	5.8	6.4	6.4	AV:N/AC:L/Au:M/C:P/I:P/A:P

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://github.com/peritocibernetico/VivoCodeExecutionFirewall/

https://vuldb.com/?ctiid.280344

https://vuldb.com/?id.280344

https://vuldb.com/?submit.423561

https://nvd.nist.gov/vuln/detail/CVE-2024-9977

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9977

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9977

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-9977