PT-2024-25260 · Kasda · Kasda Linksmart Router Kw5515

Quartzdust

Published

2024-11-20

Updated

2024-11-27

CVE-2024-33439

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kasda LinkSmart Router KW5515 versions 1.7 and earlier

Description The issue allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters.

Recommendations For Kasda LinkSmart Router KW5515 versions 1.7 and earlier, consider restricting access to cgi parameters to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2024-33439

Affected Products

Kasda Linksmart Router Kw5515

PT-2024-25260 · Kasda · Kasda Linksmart Router Kw5515

CVE-2024-33439

Weakness Enumeration

Related Identifiers

Affected Products

References · 5