CVE-2024-7580

Summary

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Alien TechnologyALR-F80019.10.0affected
Alien TechnologyALR-F80019.10.1affected
Alien TechnologyALR-F80019.10.2affected
Alien TechnologyALR-F80019.10.3affected
Alien TechnologyALR-F80019.10.4affected
Alien TechnologyALR-F80019.10.5affected
Alien TechnologyALR-F80019.10.6affected
Alien TechnologyALR-F80019.10.7affected
Alien TechnologyALR-F80019.10.8affected
Alien TechnologyALR-F80019.10.9affected
Alien TechnologyALR-F80019.10.10affected
Alien TechnologyALR-F80019.10.11affected
Alien TechnologyALR-F80019.10.12affected
Alien TechnologyALR-F80019.10.13affected
Alien TechnologyALR-F80019.10.14affected
Alien TechnologyALR-F80019.10.15affected
Alien TechnologyALR-F80019.10.16affected
Alien TechnologyALR-F80019.10.17affected
Alien TechnologyALR-F80019.10.18affected
Alien TechnologyALR-F80019.10.19affected
Alien TechnologyALR-F80019.10.20affected
Alien TechnologyALR-F80019.10.21affected
Alien TechnologyALR-F80019.10.22affected
Alien TechnologyALR-F80019.10.23affected
Alien TechnologyALR-F80019.10.24affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References