CVE-2024-58314

Sažetak

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remote code execution with administrative credentials.

Reference

https://www.atcom.cn/html/yingwenban/Product/Fast_IP_phone/2017/1023/135.html
https://www.exploit-db.com/exploits/51742
https://www.vulncheck.com/advisories/atcom-xx-authenticated-command-injection-via-web-configuration-cgi

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

15-12-2025 - 18:22

Objavljeno

12-12-2025 - 20:15