go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Gether Technology 6SHR System - Unrestricted File Upload

TVN ID TVN-202408010
CVE ID CVE-2024-8330
CVSS 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products 6SHR System for all version.
Description 6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server.
Solution Contact the vendor for mitigation.
Credit Loki Huang, Eunice Lin,Mike Huang(安華聯網科技股份有限公司)
Public Date 2024-08-30
Top