PT-2024-19054 · Unknown · Mc Lr Router
Matt Wiseman · Published 2024-11-21 · Updated 2024-12-18 · CVE-2024-21786
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MC LR Router version 2.10.5
Description
An OS command injection vulnerability exists in the web interface configuration upload functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Recommendations
For version 2.10.5, patch immediately to prevent potential system compromise. As a temporary workaround, consider restricting access to the web interface configuration upload functionality until a patch is available. Monitor for exploit attempts to minimize the risk of exploitation.
Weakness Enumeration
OS Command Injection
Affected Products
Mc Lr Router