OS Command Injection Vulnerability in Newtec/iDirect Modems
CVE-2024-13502
9.3 CRITICAL
What is CVE-2024-13502?
The vulnerability arises from improper parsing of incoming data on the commit_multicast page within the modem's web administration interface. This flaw allows attackers to exploit the system by injecting arbitrary shell commands, potentially leading to unauthorized code execution. Specifically, the vulnerable script uses an eval statement in a bash environment, posing significant security risks to the affected Newtec/iDirect modem models.
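The `eval` pattern described above, next to a parser that avoids it. This is an added illustration, not the modem's actual script; the `group` and `port` field names and the request string are constructed for the example.

```shell
#!/bin/sh
# Hypothetical handler for a form like "group=<addr>&port=<n>".

# Vulnerable pattern: each key=value pair is handed to eval, so any shell
# syntax that arrives inside a value is executed by the interpreter.
parse_unsafe() {
    old_ifs=$IFS; IFS='&'; set -f
    set -- $1                      # split the request on '&'
    IFS=$old_ifs; set +f
    for pair in "$@"; do
        eval "$pair"
    done
}

# Hardened form: no eval. Split on the first '=', accept only known keys,
# and validate every value against a strict character set.
parse_safe() {
    group=''; port=''
    old_ifs=$IFS; IFS='&'; set -f
    set -- $1
    IFS=$old_ifs; set +f
    for pair in "$@"; do
        key=${pair%%=*}; val=${pair#*=}
        case $key in
            group) case $val in ''|*[!0-9.]*) return 1 ;; esac; group=$val ;;
            port)  case $val in ''|*[!0-9]*)  return 1 ;; esac; port=$val ;;
            *)     return 1 ;;     # unknown field: reject the whole request
        esac
    done
    [ -n "$group" ] && [ -n "$port" ]
}

# Constructed request: the extra statement only sets a marker variable.
req='group=239.1.1.1;INJECTED=yes&port=5000'

parse_unsafe "$req"
echo "eval parser:   INJECTED=${INJECTED:-unset}"
unset INJECTED

if parse_safe "$req"; then
    echo "strict parser: accepted"
else
    echo "strict parser: rejected, INJECTED=${INJECTED:-unset}"
fi
```
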

Affected Version(s)
NTC2218, NTC2250, NTC2299 Linux 1.0.1.1 <= 2.2.6.19
CVSS V4
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
James Pavur
Johannes Willbold, johannes.willbold@rub.de
Martin Strohmeier, martin.strohmeier@armasuisse.ch
