{"uuid": "06a3655c-d678-46b0-9da7-c43c1f9d2bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-13502", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2129", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-13502\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion.This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19.\n\n\nThe `commit_multicast` page used to configure multicasts in the modem's web administration interface uses improperly parses incoming data from the request before passing it to an `eval` statement in a bash script. This allows attackers to inject arbitrary shell commands.\n\ud83d\udccf Published: 2025-01-17T14:01:03.084Z\n\ud83d\udccf Modified: 2025-01-17T14:49:20.740Z\n\ud83d\udd17 References:\n1. https://doi.org/10.1145/3643833.3656139\n2. https://www.youtube.com/watch?v=-pxmly8xeas", "creation_timestamp": "2025-01-17T14:56:39.000000Z"}