Critical Vulnerability Discovered in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26, Remote Code Execution Possible

CVE-2024-9977

4.7MEDIUM

Key Information

Vendor
Mitrastar
Status
Gpt-2541gnac
Vendor
CVE Published:
15 October 2024

Badges

0👾 Exploit Exists🔴 Public PoC

Summary

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

Affected Version(s)

GPT-2541GNAC = BR_g5.6_1.11(WVK.0)b26

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-9977 - Proof of Concept

References

https://vuldb.com/?id.280344
vdb-entrytechnical-description
https://vuldb.com/?ctiid.280344
signaturepermissions-required
https://vuldb.com/?submit.423561
third-party-advisory

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🔴

    Public PoC available

  • Vulnerability Reserved

  • 👾

    Exploit known to exist

  • Vulnerability published

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

peritocibernetico (VulDB User)
.