CVE-2024-28138

Published Dec 10, 2024

Last updated 3 months ago

CVSS high 7.3

Overview

Description
An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.3
Impact score
3.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity
HIGH

Weaknesses

551230f0-3615-47bd-b7cc-93e92e730bbf
CWE-78

Social media

Hype score
Not currently trending

  1. CVE-2024-28138 SEC Consult SA-20241204-0 : Multiple Critical Vulnerabilities in Image ... https://t.co/AV3nhvAZYX Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    5 Dec 2024

    34 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References