Unauthorized access via 'getcommand' query
CVE-2024-9166

Currently unrated

Key Information:

Vendor

Atelmo

CVE Published:
26 September 2024

What is CVE-2024-9166?

An unauthorized command execution vulnerability has been identified in the affected application, allowing attackers to execute system commands with elevated privileges. This vulnerability can be exploited through the 'getcommand' query, enabling attackers to gain root access to the system. Such capabilities pose substantial risks, including unauthorized data manipulation and system control. Affected users are advised to examine their security configurations and apply appropriate patches or mitigation strategies to safeguard their systems.

Affected Version(s)

Atemio AM 520 HD Full HD Satellite Receiver 0

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CISA discovered a public Proof of Concept (PoC) authored by Gjoko Krstic and reported it to Atelmo.