PT-2024-39975 · Mitrastar · Mitrastar Gpt-2541Gnac

Peritocibernetico · Published 2024-10-15 · Updated 2024-10-16 · CVE-2024-9977

CVSS v2.0

5.8 Medium

Vector

AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MitraStar GPT-2541GNAC BR g5.6 1.11(WVK.0)b26

Description

A critical issue was found in the Firewall Settings Page component, specifically in the /cgi-bin/settings-firewall.cgi file. The SrcInterface argument is vulnerable to OS command injection, and the attack can be carried out remotely. The issue has been publicly disclosed.

Recommendations

For MitraStar GPT-2541GNAC BR g5.6 1.11(WVK.0)b26, consider restricting access to the /cgi-bin/settings-firewall.cgi file as a temporary workaround until a patch is available. Avoid manipulating the SrcInterface argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-9977

Affected Products

Mitrastar Gpt-2541Gnac