CVE-2024-3785

Name of the Vulnerable Software and Affected Versions WBSAirback version 21.02.04

Description The issue involves improper neutralisation of Server-Side Includes (SSI) through the Device NAS shared section, accessible via the /admin/DeviceNAS endpoint. This could allow a remote user to execute arbitrary code.

Recommendations For WBSAirback version 21.02.04, consider restricting access to the /admin/DeviceNAS endpoint until a patch is available. As a temporary workaround, disabling the use of Server-Side Includes (SSI) in the Device NAS shared section may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.