CVE-2024-42905

Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file.
Configurations

No configuration.

History

29 Aug 2024, 13:25

Type Values Removed Values Added
Summary
  • (es) Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 tiene una vulnerabilidad de ejecución de comandos, que puede explotarse para obtener privilegios de administrador del dispositivo a través de la función getVar en el archivo code/function/system/tool/ping.php.

28 Aug 2024, 19:35

Type Values Removed Values Added
CWE CWE-77
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

28 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-28 18:15

Updated : 2024-08-29 13:25


NVD link : CVE-2024-42905

Mitre link : CVE-2024-42905

CVE.ORG link : CVE-2024-42905


JSON object : View

Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')