CVE-2024-7580

Name of the Vulnerable Software and Affected Versions Alien Technology ALR-F800 versions up to 19.10.24.00

Description A critical issue affects some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ';whoami' leads to os command injection. This can be exploited remotely.

Recommendations For Alien Technology ALR-F800 versions up to 19.10.24.00, as a temporary workaround, consider restricting access to the /admin/system.html file and avoid using the uploadedFile argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.