PT-2024-8777 · Qurouter · Qurouter

Midnight Blue · Published 2024-11-22 · Updated 2024-12-02 · CVE-2024-48860

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: QuRouter versions prior to 2.4.3.103
Description: An OS command injection vulnerability has been reported, which could allow remote attackers to execute commands if exploited. Over 2,500 services are potentially affected. The issue is related to the failure to neutralize special elements used in OS commands.
Recommendations: For QuRouter versions prior to 2.4.3.103, update to version 2.4.3.103 or later to resolve the issue. As a temporary workaround, consider restricting access to vulnerable components until a patch is applied. Avoid using the vulnerable functionality in the affected QuRouter versions until the issue is resolved.

Fix

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-10393
CVE-2024-48860

Affected Products

Qurouter