Critical Vulnerability Discovered in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26, Remote Code Execution Possible

CVE-2024-9977

4.7MEDIUM

Key Information

Vendor: Mitrastar
Status: Gpt-2541gnac
Vendor: CVE Published:; 15 October 2024

Summary

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

Affected Version(s)

GPT-2541GNAC = BR_g5.6_1.11(WVK.0)b26

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 4.7 - (MEDIUM)
Oct 15, 2024
VulDB entry last update
Oct 15, 2024
Vulnerability Reserved.
Oct 15, 2024
VulDB entry created
Oct 15, 2024
Advisory disclosed
Oct 15, 2024
Vulnerability published.
Oct 15, 2024

Collectors

NVD DatabaseMitre Database

Credit

peritocibernetico (VulDB User)