CVE-2024-8684
CVSS 3.1 Score 8.3 of 10 (high)
Details
Summary
CVE-2024-8684 is a newly disclosed OS command injection vulnerability affecting Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. An authenticated attacker can exploit it by sending malicious input in the 'arrSaveConfig' parameter of the 'php/dal.php' endpoint. Successful exploitation lets the attacker execute OS commands on the device, potentially leading to serious security consequences. The vulnerability highlights the importance of regularly updating and securing IoT devices against such threats.