← Retour aux CVEs
CVE-2024-47901
CRITICAL10.0
Description
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
Details CVE
Score CVSS v3.110.0
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie10/23/2024
Derniere modification10/30/2024
Sourcenvd
Observations honeypot0
Produits affectes
siemens:intermesh_7177_hybrid_2.0_subscribersiemens:intermesh_7707_fire_subscribersiemens:intermesh_7707_fire_subscriber_firmware
Faiblesses (CWE)
CWE-78
References
https://cert-portal.siemens.com/productcert/html/ssa-333468.html(productcert@siemens.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.