CVE-2024-7580
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Alien Technology | ALR-F800 | 19.10.0 | affected |
| Alien Technology | ALR-F800 | 19.10.1 | affected |
| Alien Technology | ALR-F800 | 19.10.2 | affected |
| Alien Technology | ALR-F800 | 19.10.3 | affected |
| Alien Technology | ALR-F800 | 19.10.4 | affected |
| Alien Technology | ALR-F800 | 19.10.5 | affected |
| Alien Technology | ALR-F800 | 19.10.6 | affected |
| Alien Technology | ALR-F800 | 19.10.7 | affected |
| Alien Technology | ALR-F800 | 19.10.8 | affected |
| Alien Technology | ALR-F800 | 19.10.9 | affected |
| Alien Technology | ALR-F800 | 19.10.10 | affected |
| Alien Technology | ALR-F800 | 19.10.11 | affected |
| Alien Technology | ALR-F800 | 19.10.12 | affected |
| Alien Technology | ALR-F800 | 19.10.13 | affected |
| Alien Technology | ALR-F800 | 19.10.14 | affected |
| Alien Technology | ALR-F800 | 19.10.15 | affected |
| Alien Technology | ALR-F800 | 19.10.16 | affected |
| Alien Technology | ALR-F800 | 19.10.17 | affected |
| Alien Technology | ALR-F800 | 19.10.18 | affected |
| Alien Technology | ALR-F800 | 19.10.19 | affected |
| Alien Technology | ALR-F800 | 19.10.20 | affected |
| Alien Technology | ALR-F800 | 19.10.21 | affected |
| Alien Technology | ALR-F800 | 19.10.22 | affected |
| Alien Technology | ALR-F800 | 19.10.23 | affected |
| Alien Technology | ALR-F800 | 19.10.24 | affected |
Weaknesses
- CWE-78: CWE-78 OS Command Injection
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.273860
- https://vuldb.com/?ctiid.273860
- https://vuldb.com/?submit.382481
- https://github.com/Push3AX/vul/blob/main/Alien%20Technology%20/ALR-F800.md
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.