CVE-2024-7440

Name of the Vulnerable Software and Affected Versions Vivotek CC8160 VVTK-0100d (affected versions not specified)

Description A critical vulnerability affects the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. It is possible to initiate the attack remotely. This issue poses a significant threat with a high likelihood of exploitation in the wild. The vendor has confirmed that the affected release tree is end-of-life.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.