CVE-2024-9977

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Published: Oct 15, 2024 / Updated: 35d ago

CVSS 5.1 / EPSS 0.05% / Medium

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9977.

Oct 15, 2024 at 12:55 PM / CVE

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 15, 2024 at 12:57 PM

CVE Assignment

NVD published the first details for CVE-2024-9977

Oct 15, 2024 at 1:15 PM

CVSS

A CVSS base score of 4.7 has been assigned.

Oct 15, 2024 at 1:20 PM / nvd

EPSS

EPSS Score was set to: 0.05% (Percentile: 17.2%)

Oct 16, 2024 at 11:00 AM

Affected Systems

Mitrastar/gpt-2541gnac_firmware

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

News

CVE-2024-9977
NA - CVE-2024-9977 - A vulnerability, which was classified as...
Critical Vulnerability Discovered in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26, Remote Code Execution Possible
CVE-2024-9977 MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection
CVE-2024-9977 - MitraStar GPT-2541GNAC BR Os Command Injection Vulnerability

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability Impact: Low
