CVE-2024-9324

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 29, 2024

Updated: Nov 4, 2024

CWE ID 707

CWE ID 94

CWE ID 74

Summary

CVE-2024-9324 is a critical vulnerability affecting Intelbras InControl up to version 2.21.57. This issue impacts an unidentified functionality within the Relatório de Operadores Page's /v1/operador/ component. Maliciously crafted argument fields can lead to code injection, allowing remote attackers to exploit the system. The vulnerability has been disclosed publicly, increasing the risk of exploitation. Users are urged to upgrade to version 2.21.58 as soon as possible to mitigate the risk. Intelbras was informed of the issue on July 19, 2024, and initially planned to release a fixed version by the end of August, but the release was subsequently postponed until September 20, 2024.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

inControl

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners