Command Injection Vulnerability in FBM_292W Product by Vendor
CVE-2024-44414

Currently unrated

Key Information:

Vendor: Vendor
Status: FBM_292W
Vendor: CVE Published:; 11 October 2024

What is CVE-2024-44414?

A security flaw has been identified in the FBM_292W product, specifically in the sub_4901E0 function located within the msp_info.htm file. This vulnerability arises from improper handling of the path parameter, allowing an attacker to execute arbitrary commands on the system. Proper validation and sanitization measures are essential to mitigate this risk.

References

https://github.com/IotChan/cve/blob/main/wayos/FBM_292W/w...

https://github.com/IotChan/cve/blob/main/wayos/FBM_292W/C...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Aug 21, 2024