CVE-2024-33792

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions netis-systems MEX605 version 2.00.06

Description The issue allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. It is also described as a cross-site scripting (XSS) vulnerability, which enables attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tracert page.

Recommendations For netis-systems MEX605 version 2.00.06, consider disabling access to the tracert page as a temporary workaround until a patch is available. Restricting the use of the tracert page can minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

OS Command Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-20

Related Identifiers

CVE-2024-33792

Affected Products

Netis-Systems Mex605

CVE-2024-33792

Weakness Enumeration

Related Identifiers

Affected Products

References · 7