go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

SECOM WRTR-304GN-304TW-UPSC - OS Command Injection

TVN ID TVN-202410016
CVE ID CVE-2024-10118
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products WRTR-304GN-304TW-UPSC V02
Description SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Solution The product is no longer in surport. Please retire affected device.
Credit Yu-Chieh Kuo, Shi-Yi Xie, Li-Fan Cheng, Cih-Che Chang, AnWei Kung (Nation Institute of Cyber Security, NICS)
Public Date 2024-10-18
Top