PT-2024-35438 · Dcme-720+3

Published: 2024-11-29 · Updated: 2024-12-04 · CVE-2024-52781

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DCME-320 versions 7.4.12.90 and earlier
DCME-520 versions 9.25.5.11 and earlier
DCME-320-L versions 9.3.5.26 and earlier
DCME-720 versions 9.1.5.11 and earlier

Description

The issue allows for Remote Code Execution via the "/function/system/tool/traceroute.php" API endpoint. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations

For DCME-320 versions 7.4.12.90 and earlier, consider disabling access to the "/function/system/tool/traceroute.php" API endpoint until a patch is available.
For DCME-520 versions 9.25.5.11 and earlier, consider disabling access to the "/function/system/tool/traceroute.php" API endpoint until a patch is available.
For DCME-320-L versions 9.3.5.26 and earlier, consider disabling access to the "/function/system/tool/traceroute.php" API endpoint until a patch is available.
For DCME-720 versions 9.1.5.11 and earlier, consider disabling access to the "/function/system/tool/traceroute.php" API endpoint until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2024-52781

Affected Products

Dcme-320
Dcme-320-L
Dcme-520
Dcme-720