CVE-2024-7580

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.273860 Permissions Required VDB Entry
https://vuldb.com/?id.273860 Third Party Advisory VDB Entry
https://vuldb.com/?submit.382481 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:alientechnology:alr-f800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alientechnology:alr-f800:-:*:*:*:*:*:*:*

History

07 Aug 2024, 20:47

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 9.8
First Time Alientechnology alr-f800 Firmware
Alientechnology alr-f800
Alientechnology
References () https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md - () https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.273860 - () https://vuldb.com/?ctiid.273860 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.273860 - () https://vuldb.com/?id.273860 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.382481 - () https://vuldb.com/?submit.382481 - Third Party Advisory, VDB Entry
CPE cpe:2.3:h:alientechnology:alr-f800:-:*:*:*:*:*:*:*
cpe:2.3:o:alientechnology:alr-f800_firmware:*:*:*:*:*:*:*:*

07 Aug 2024, 15:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 15:15

Updated : 2024-08-07 20:47


NVD link : CVE-2024-7580

Mitre link : CVE-2024-7580

CVE.ORG link : CVE-2024-7580


JSON object : View

Products Affected

alientechnology

  • alr-f800
  • alr-f800_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')