CVE-2024-7443

Name of the Vulnerable Software and Affected Versions Vivotek IB8367A VVTK-0100b (affected versions not specified)

Description A critical vulnerability has been found in the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. It is possible to launch the attack remotely. This issue only affects products that are no longer supported by the maintainer. The vendor confirmed that the affected release tree is end-of-life.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.