CVE-2024-55020

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Weintek cMT-3072XH2 easyweb Web Version 2.1.53, OS 20231011

Description A command injection issue exists in the DHCP activation feature. Successful exploitation allows attackers to execute arbitrary commands with root privileges. The vulnerable component is the DHCP activation feature. The API endpoint involved is not specified. The vulnerable parameter is not specified. The vulnerable function is not specified.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Fix

OS Command Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-20

Related Identifiers

CVE-2024-55020

Affected Products

Cmt-3072Xh2

CVE-2024-55020

Weakness Enumeration

Related Identifiers

Affected Products

References · 7