Multiple OS command injection vulnerabilities affecting... · CVE-2024-37023 · GitHub Advisory Database · GitHub

Multiple OS command injection vulnerabilities affecting...

Critical severity Unreviewed Published Aug 12, 2024 to the GitHub Advisory Database • Updated Aug 12, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Multiple OS command injection vulnerabilities affecting Vonets

industrial wifi bridge relays and wifi bridge repeaters, software
versions 3.3.23.6.9 and prior, enable an authenticated remote attacker
to execute arbitrary OS commands via various endpoint parameters.

References

Published by the National Vulnerability Database

Aug 12, 2024

Published to the GitHub Advisory Database Aug 12, 2024

Last updated Aug 12, 2024

Severity

Critical

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity Low

Attack Requirements None

Privileges Required High

User interaction None

Vulnerable System Impact Metrics

Confidentiality High

Integrity High

Availability High

Subsequent System Impact Metrics

Confidentiality High

Integrity High

Availability High

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X