OS Command Injection Vulnerability Affects HGiga OAKlouds' Modules
CVE-2024-26260

9.8CRITICAL

Key Information:

Vendor: Hgiga
Status: Oaklouds
Vendor: CVE Published:; 15 February 2024

🔔 Create Hgiga Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2024-26260?

The HGiga OAKloud has been identified as having a significant OS Command Injection vulnerability within certain modules. This flaw allows remote attackers to manipulate synchronization functionalities by injecting malicious commands into specific request parameters. As a result, unauthorized execution of arbitrary code may occur on the affected server, posing a severe risk to data integrity and system security. Organizations utilizing these products should prioritize remediation to safeguard against potential exploitation.

Affected Version(s)

OAKlouds earlier < 188

OAKlouds earlier < 1051

News Articles

CVE-2024-26260 : HGIGA OAKLOUDS OS COMMAND INJECTION - Cloud WAF

CVE-2024-26260 : The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability.

thmubnail image

References

https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html

third-party-advisory

https://www.chtsecurity.com/news/e456f679-9091-4de4-8f78-...

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by prophaze.com
Feb 15, 2024
Vulnerability published
Feb 15, 2024
Vulnerability Reserved
Feb 15, 2024

CVE-2024-26260 Data

.