CVE-2024-26260
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hgiga | OAKlouds | earlier < 188 | affected |
| Hgiga | OAKlouds | earlier < 1051 | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html
- https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html
- https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-9262d20d6a96
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.