An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mc-technologies
Mc-technologies mc Lr Router Mc-technologies mc Lr Router Firmware |
|
CPEs | cpe:2.3:h:mc-technologies:mc_lr_router:-:*:*:*:*:*:*:* cpe:2.3:o:mc-technologies:mc_lr_router_firmware:2.10.5:*:*:*:*:*:*:* |
|
Vendors & Products |
Mc-technologies
Mc-technologies mc Lr Router Mc-technologies mc Lr Router Firmware |
Fri, 22 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mc Technologies
Mc Technologies mc Lr Router |
|
CPEs | cpe:2.3:a:mc_technologies:mc_lr_router:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mc Technologies
Mc Technologies mc Lr Router |
|
Metrics |
ssvc
|
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 21 Nov 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2024-11-21T14:41:19.212Z
Updated: 2024-11-22T14:25:07.195Z
Reserved: 2024-02-29T21:52:48.326Z
Link: CVE-2024-21786
Vulnrichment
Updated: 2024-11-22T14:25:02.617Z
NVD
Status : Analyzed
Published: 2024-11-21T15:15:26.580
Modified: 2024-12-18T15:06:28.230
Link: CVE-2024-21786
Redhat
No data.