CVE-2024-57590

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 27, 2025

Updated: Jan 28, 2025

CWE ID 77

Summary

CVE-2024-57590 is a newly disclosed vulnerability affecting TRENDnet TEW-632BRP v1.010B31 devices. The issue lies in the OS command injection vulnerability found in the "ntp_sync.cgi" interface within the "ntp_server" parameter. This flaw enables remote attackers to execute arbitrary commands by exploiting a POST request vulnerability in the "ntp_sync.cgi" binary. Successful exploitation could lead to significant compromise of the affected device, making it crucial for users to apply the necessary patches as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2T-EHx
https://www.cve.org/CVERecord?id=CVE-2024-57590
https://nvd.nist.gov/vuln/detail/CVE-2024-57590

Back to Vulnerability Database

CVE-2024-57590

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations