Search criteria
1 vulnerability by MitraStar
CVE-2024-9977 (GCVE-0-2024-9977)
Vulnerability from cvelistv5 – Published: 2024-10-15 12:31 – Updated: 2024-10-15 13:27
VLAI?
Title
MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection
Summary
A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
Severity ?
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MitraStar | GPT-2541GNAC |
Affected:
BR_g5.6_1.11(WVK.0)b26
|
Credits
peritocibernetico (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mitrastar:gpt-2541gnac:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gpt-2541gnac",
"vendor": "mitrastar",
"versions": [
{
"status": "affected",
"version": "BR_g5.6_1.11(WVK.0)b26"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9977",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T13:22:50.398862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T13:27:02.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Firewall Settings Page"
],
"product": "GPT-2541GNAC",
"vendor": "MitraStar",
"versions": [
{
"status": "affected",
"version": "BR_g5.6_1.11(WVK.0)b26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "peritocibernetico (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /cgi-bin/settings-firewall.cgi der Komponente Firewall Settings Page. Durch das Beeinflussen des Arguments SrcInterface mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T12:31:04.419Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-280344 | MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.280344"
},
{
"name": "VDB-280344 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.280344"
},
{
"name": "Submit #423561 | Mitrastar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.423561"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/peritocibernetico/VivoCodeExecutionFirewall/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-15T08:05:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9977",
"datePublished": "2024-10-15T12:31:04.419Z",
"dateReserved": "2024-10-15T05:58:52.332Z",
"dateUpdated": "2024-10-15T13:27:02.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}