PT-2024-20282 · Wanxing Technology · Yitu
Zty-1995
·
Published
2024-10-02
·
Updated
2024-11-13
·
CVE-2024-24122
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Wanxing Technology's Yitu project (affected versions not specified)
Description
A remote code execution issue exists in the project management of Wanxing Technology's Yitu project. This allows an attacker to use the
exp.adpx file as a zip compressed file to construct a special file name. The file can be decompressed into the system startup folder, and upon system restart, the constructed attack script can be automatically executed.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yitu