Remote Code Execution Vulnerability in DCME Products
CVE-2024-52779

9.8CRITICAL

Key Information:

Vendor: Unknown
Status: DCME Series
Vendor: CVE Published:; 29 November 2024

What is CVE-2024-52779?

A security flaw in the DCME series, including versions DCME-320, DCME-520, DCME-320-L, and DCME-720, allows an attacker to execute arbitrary code remotely through a specific PHP endpoint. This vulnerability poses significant risks to affected systems, enabling unauthorized actions that could compromise data integrity and system functionality.

References

https://ba1100n.tech/%E6%BC%8F%E6%B4%9E%E6%8A%A5%E5%91%8A...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
Nov 15, 2024

CVE-2024-52779 Data

JSON

Unknown

What is CVE-2024-52779?

References

CVSS V3.1

Timeline