| ID |
CVE-2024-41585
|
| Sažetak |
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine. |
| Reference |
|
| CVSS |
| Base: | 6.8 |
| Impact: | 5.9 |
| Exploitability: | 0.9 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| ADJACENT_NETWORK |
LOW |
HIGH |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| HIGH |
HIGH |
HIGH |
|
| CVSS vektor |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Zadnje važnije ažuriranje |
07-10-2024 - 19:37 |
| Objavljeno |
03-10-2024 - 19:15 |
