PT-2024-38945 · Gether Technology · 6Shr System
Eunice Lin
+2
·
Published
2024-08-29
·
Updated
2024-09-05
·
CVE-2024-8330
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
6SHR system from Gether Technology (affected versions not specified)
Description:
The 6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server. This issue enables attackers to upload malicious scripts and execute commands remotely.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
6Shr System