CVE-2024-40089

Published Oct 21, 2024

Last updated 25 days ago

CVSS critical 9.1

Overview

Description: A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.1
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-77

Hype score: Not currently trending

CVE-2024-40089 A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands… https://t.co/5AhUJ9I4PP
@CVEnew
23 Oct 2024
461 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References