CVE-2024-8685

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 10, 2025

CWE ID 22

Summary

CVE-2024-8685 is a newly disclosed path-traversal vulnerability affecting Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This issue enables authenticated attackers to access device directories by manipulating the 'dir' parameter in the 'getFileList.php' endpoint located at '/pictory/php/'. Successful exploitation of this vulnerability could lead to unauthorized access and potential data theft. Users are advised to update their Revolution Pi software as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/yhw5U5
https://www.cve.org/CVERecord?id=CVE-2024-8685
https://nvd.nist.gov/vuln/detail/CVE-2024-8685

Back to Vulnerability Database

CVE-2024-8685

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations