exploitDog

CVE-2024-24301

Опубликовано: 14 фев. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.

Ссылки

https://github.com/yckuo-sdc/PoC
Exploit
Mitigation
Third Party Advisory
https://github.com/yckuo-sdc/PoC
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:4ipnet:eap-767_firmware:3.42.00:*:*:*:*:*:*:*

cpe:2.3:h:4ipnet:eap-767:*:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.03085

Низкий

8.8 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-3m2w-jxjv-4wfv

CVSS3: 8.8

github

почти 2 года назад

Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.

EPSS

Процентиль: 86%

0.03085

Низкий

8.8 High

CVSS3

Дефекты

CWE-77