PT-2024-39573 · Intelbras · Intelbras Incontrol
Stux · Published 2024-09-29 · Updated 2025-10-16 · CVE-2024-9324
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Intelbras InControl versions up to 2.21.57
Description
A critical issue affects some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the fields argument leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Recommendations
For Intelbras InControl versions up to 2.21.57, upgrade to version 2.21.58 to address this issue. As a temporary workaround, consider restricting access to the /v1/operador/ endpoint of the Relatório de Operadores Page until the patch is applied.
Exploit
Fix
LPE
Improper Neutralization
Special Elements Injection
Code Injection
Affected Products
Intelbras Incontrol