PT-2024-31148 · Fbm 292W
Published 2024-10-11 · Updated 2024-10-16
CVE-2024-44414
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
FBM 292W version 21.03.10V
Description
A critical issue has been discovered, affecting the sub 4901E0 function in the msp info.htm file. Manipulation of the path parameter can lead to command injection.
Recommendations
For FBM 292W version 21.03.10V, consider disabling the sub 4901E0 function in the msp info.htm file as a temporary workaround until a patch is available. Restrict access to the msp info.htm file to minimize the risk of exploitation. Avoid using the path parameter in the affected function until the issue is resolved.
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Fbm 292W