CVE-2024-28811

An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations.
References
Link Resource
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-28811 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nokia:hit_7300_firmware:5.60.50:*:*:*:*:*:*:*
cpe:2.3:h:nokia:hit_7300:-:*:*:*:*:*:*:*

History

30 May 2025, 14:50

Type Values Removed Values Added
First Time Nokia hit 7300 Firmware
Nokia
Nokia hit 7300
References () https://www.cvcn.gov.it/cvcn/cve/CVE-2024-28811 - () https://www.cvcn.gov.it/cvcn/cve/CVE-2024-28811 - Third Party Advisory
CPE cpe:2.3:h:nokia:hit_7300:-:*:*:*:*:*:*:*
cpe:2.3:o:nokia:hit_7300_firmware:5.60.50:*:*:*:*:*:*:*

25 Nov 2024, 21:15

Type Values Removed Values Added
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.3

04 Oct 2024, 13:51

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en Infinera hiT 7300 5.60.50. Una aplicación web permite que un atacante remoto con privilegios ejecute aplicaciones contenidas en un directorio de SO específico a través de invocaciones HTTP.

30 Sep 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-30 19:15

Updated : 2025-05-30 14:50


NVD link : CVE-2024-28811

Mitre link : CVE-2024-28811

CVE.ORG link : CVE-2024-28811


JSON object : View

Products Affected

nokia

  • hit_7300_firmware
  • hit_7300
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')