CVE-2024-7579

Summary

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Alien TechnologyALR-F80019.10.0affected
Alien TechnologyALR-F80019.10.1affected
Alien TechnologyALR-F80019.10.2affected
Alien TechnologyALR-F80019.10.3affected
Alien TechnologyALR-F80019.10.4affected
Alien TechnologyALR-F80019.10.5affected
Alien TechnologyALR-F80019.10.6affected
Alien TechnologyALR-F80019.10.7affected
Alien TechnologyALR-F80019.10.8affected
Alien TechnologyALR-F80019.10.9affected
Alien TechnologyALR-F80019.10.10affected
Alien TechnologyALR-F80019.10.11affected
Alien TechnologyALR-F80019.10.12affected
Alien TechnologyALR-F80019.10.13affected
Alien TechnologyALR-F80019.10.14affected
Alien TechnologyALR-F80019.10.15affected
Alien TechnologyALR-F80019.10.16affected
Alien TechnologyALR-F80019.10.17affected
Alien TechnologyALR-F80019.10.18affected
Alien TechnologyALR-F80019.10.19affected
Alien TechnologyALR-F80019.10.20affected
Alien TechnologyALR-F80019.10.21affected
Alien TechnologyALR-F80019.10.22affected
Alien TechnologyALR-F80019.10.23affected
Alien TechnologyALR-F80019.10.24affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References