PT-2024-31207 · Gigastone · Gigastone Tr1 Travel Router R101

James Smith

Published

2024-09-25

Updated

2024-10-10

CVE-2024-44678

CVSS v3.1

8.0

High

Vector

AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Gigastone TR1 Travel Router R101 version 1.0.2

Description The issue allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the ssid parameter in the request. This enables the attacker to gain control over the device.

Recommendations For Gigastone TR1 Travel Router R101 version 1.0.2, as a temporary workaround, consider restricting access to the ssid parameter in HTTP requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2024-44678

Affected Products

Gigastone Tr1 Travel Router R101

PT-2024-31207 · Gigastone · Gigastone Tr1 Travel Router R101

CVE-2024-44678

Weakness Enumeration

Related Identifiers

Affected Products

References · 8