CVE-2024-41790

Name of the Vulnerable Software and Affected Versions: SENRON 7KT PAC1260 Data Manager (All versions)

Description: A vulnerability has been identified where the web interface of affected devices does not sanitize the region parameter in specific POST requests, such as "/api/region" or similar endpoints. This could allow an authenticated remote attacker to execute arbitrary code with root privileges.

Recommendations: For all versions, as a temporary workaround, consider restricting access to the web interface or sanitizing the region parameter in specific POST requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.