Vulnerability Details CVE-2024-7580
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.041
EPSS Ranking 88.2%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 6.5
References
Products affected by CVE-2024-7580
-
cpe:2.3:h:alientechnology:alr-f800:-
-
cpe:2.3:o:alientechnology:alr-f800_firmware:-
-
cpe:2.3:o:alientechnology:alr-f800_firmware:15.12.11
-
cpe:2.3:o:alientechnology:alr-f800_firmware:16.03.30
-
cpe:2.3:o:alientechnology:alr-f800_firmware:16.04.06
-
cpe:2.3:o:alientechnology:alr-f800_firmware:16.05.26
-
cpe:2.3:o:alientechnology:alr-f800_firmware:16.08.03
-
cpe:2.3:o:alientechnology:alr-f800_firmware:16.11.15
-
cpe:2.3:o:alientechnology:alr-f800_firmware:17.03.06
-
cpe:2.3:o:alientechnology:alr-f800_firmware:17.07.17
-
cpe:2.3:o:alientechnology:alr-f800_firmware:17.11.13
-
cpe:2.3:o:alientechnology:alr-f800_firmware:18.02.28
-
cpe:2.3:o:alientechnology:alr-f800_firmware:18.09.24
-
cpe:2.3:o:alientechnology:alr-f800_firmware:19.10.24
-
cpe:2.3:o:alientechnology:alr-f800_firmware:19.10.24.00