Remote Attacker Can Execute Arbitrary System Commands via GET Requests
CVE-2024-5672

7.2HIGH

Key Information:

Vendor: Red Lion Europe
Status: Mbnet.mini; Rex 100
Vendor: CVE Published:; 3 July 2024

🔔 Create Red Lion Europe Vulnerability Alert

What is CVE-2024-5672?

A vulnerability exists in ABC Corp's web application that permits a high-privileged remote attacker to execute arbitrary system commands. This can occur due to improper validation and neutralization of special elements utilized in OS commands, specifically when processing GET requests. Exploitation of this issue could lead to unauthorized system access and potential compromise of the application's integrity and confidentiality.

Affected Version(s)

mbNET.mini 0 <= 2.2.11

REX 100 0 <= 2.2.11

References

https://cert.vde.com/en/advisories/VDE-2024-030

https://cert.vde.com/en/advisories/VDE-2024-032

http://seclists.org/fulldisclosure/2024/Jul/6

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2024
Vulnerability Reserved
Jun 6, 2024

Credit

Sebastian Dietz

CyberDanube

JSON