CVE-2024-7578

Summary

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the argument cmd leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Alien TechnologyALR-F80019.10.0affected
Alien TechnologyALR-F80019.10.1affected
Alien TechnologyALR-F80019.10.2affected
Alien TechnologyALR-F80019.10.3affected
Alien TechnologyALR-F80019.10.4affected
Alien TechnologyALR-F80019.10.5affected
Alien TechnologyALR-F80019.10.6affected
Alien TechnologyALR-F80019.10.7affected
Alien TechnologyALR-F80019.10.8affected
Alien TechnologyALR-F80019.10.9affected
Alien TechnologyALR-F80019.10.10affected
Alien TechnologyALR-F80019.10.11affected
Alien TechnologyALR-F80019.10.12affected
Alien TechnologyALR-F80019.10.13affected
Alien TechnologyALR-F80019.10.14affected
Alien TechnologyALR-F80019.10.15affected
Alien TechnologyALR-F80019.10.16affected
Alien TechnologyALR-F80019.10.17affected
Alien TechnologyALR-F80019.10.18affected
Alien TechnologyALR-F80019.10.19affected
Alien TechnologyALR-F80019.10.20affected
Alien TechnologyALR-F80019.10.21affected
Alien TechnologyALR-F80019.10.22affected
Alien TechnologyALR-F80019.10.23affected
Alien TechnologyALR-F80019.10.24affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References