CVE-2024-6145

Name of the Vulnerable Software and Affected Versions Actiontec WCB6200Q (affected versions not specified)

Description This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. The flaw exists within the HTTP server, where a crafted Cookie header in an HTTP request can trigger the use of a format specifier from a user-supplied string. An attacker can leverage this to execute code in the context of the HTTP server. Authentication is not required to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.