Unauthenticated Remote Command Execution Vulnerability in SECOM's WRTM326 Wireless Router
CVE-2024-10119

9.8CRITICAL

Key Information:

Vendor: Secom
Status: Wrtm326
Vendor: CVE Published:; 18 October 2024

Summary

A vulnerability exists in SECOM's WRTM326 wireless router due to improper validation of a specific parameter. An unauthenticated attacker could leverage this flaw to execute arbitrary system commands by sending specially crafted requests to the device. This weakness poses significant risks, as it may allow remote access to sensitive functionalities of the router, thereby compromising the security and integrity of the network.

Affected Version(s)

WRTM326 0 < 2.3.20

References

https://www.twcert.org.tw/tw/cp-132-8156-81c9d-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8157-e0461-2.html

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2024
Vulnerability Reserved
Oct 18, 2024