Описание
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.90925
Критический
9.8 Critical
CVSS3
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
EPSS
Процентиль: 100%
0.90925
Критический
9.8 Critical
CVSS3
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
CWE-78