CVE-2024-50811

Summary

hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \apps\tool\apis\bd_push.py does not securely filter user input through push_urls() and get_urls().

Affected Software

VendorProductVersion RangeStatus
n/an/an/aaffected

Weaknesses

  • n/a

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References