CVE-2024-7578

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the argument cmd leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.273858 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.273858 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?submit.382469 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:alientechnology:alr-f800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alientechnology:alr-f800:-:*:*:*:*:*:*:*

History

28 Aug 2024, 18:27

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Alien Technology ALR-F800 hasta 19.10.24.00. Ha sido clasificada como crítica. Una función desconocida del archivo /var/www/cmd.php es afectada por esta vulnerabilidad. La manipulación del argumento cmd conduce a una autorización inadecuada. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
CPE cpe:2.3:h:alientechnology:alr-f800:-:*:*:*:*:*:*:*
cpe:2.3:o:alientechnology:alr-f800_firmware:*:*:*:*:*:*:*:*
References () https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md - () https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.273858 - () https://vuldb.com/?ctiid.273858 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.273858 - () https://vuldb.com/?id.273858 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.382469 - () https://vuldb.com/?submit.382469 - Third Party Advisory, VDB Entry
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8
First Time Alientechnology alr-f800 Firmware
Alientechnology alr-f800
Alientechnology

07 Aug 2024, 13:16

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 13:16

Updated : 2024-08-28 18:27


NVD link : CVE-2024-7578

Mitre link : CVE-2024-7578

CVE.ORG link : CVE-2024-7578


JSON object : View

Products Affected

alientechnology

  • alr-f800
  • alr-f800_firmware
CWE
CWE-285

Improper Authorization