PT-2024-38431 · Alien Technology · Alien Technology Alr-F800

Pusheax

Published

2024-08-07

Updated

2024-08-28

CVE-2024-7578

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Alien Technology ALR-F800 versions up to 19.10.24.00

Description A critical issue has been found, affecting an unknown function of the file /var/www/cmd.php. The manipulation of the cmd argument leads to improper authorization, allowing for remote attacks. The issue has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations For Alien Technology ALR-F800 versions up to 19.10.24.00, as a temporary workaround, consider restricting access to the /var/www/cmd.php file until a patch is available. Avoid using the cmd argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

CVE-2024-7578

Affected Products

Alien Technology Alr-F800

PT-2024-38431 · Alien Technology · Alien Technology Alr-F800

CVE-2024-7578

Weakness Enumeration

Related Identifiers

Affected Products

References · 8