← Zuruck zu CVEs
CVE-2024-32850
CRITICAL9.8
Beschreibung
Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker with access to the product may execute an arbitrary command or login to the product with the administrator privilege.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht5/31/2024
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-78
Referenzen
https://jvn.jp/en/vu/JVNVU94872523/(vultures@jpcert.or.jp)
https://www.seiko-sol.co.jp/archives/82992/(vultures@jpcert.or.jp)
https://jvn.jp/en/vu/JVNVU94872523/(af854a3a-2127-422b-91ae-364da2661108)
https://www.seiko-sol.co.jp/archives/82992/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.