CVE-2024-7442

Name of the Vulnerable Software and Affected Versions Vivotek SD9364 VVTK-0103f (affected versions not specified)

Description A critical issue affects the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. The attack may be initiated remotely. This issue only affects products that are no longer supported by the maintainer. The vendor confirmed that the affected release tree is end-of-life.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.