CVE-2024-28026
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Nov 21, 2024
CWE ID 78
Summary
CVE-2024-28026 is a critical vulnerability affecting MC Technologies MC LR Router 2.10.5. It allows authenticated attackers to inject OS commands through the `out1` parameter in the web interface I/O configuration functionality. By making a crafted HTTP request, an attacker can execute arbitrary commands on the system. The vulnerability is caused by insufficient input validation in the code snippet provided, which leads to command injection at offset `0x8efc`. This issue can potentially result in significant security risks if not addressed promptly.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Mc Lr Router