CVE-2024-28025

CVSS V2 None CVSS V3 None
Description
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `btn1` parameter, at offset `0x8eb0`.
Overview
  • CVE ID
  • CVE-2024-28025
  • Assigner
  • talos
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-21T14:41:20.018Z
  • Last Modified Date
  • 2024-11-21T14:41:20.018Z
History
Created Old Value New Value Data Type Notes
2024-11-22 13:16:02 Added to TrackCVE