CVE-2024-37570 | Mitel 6869i 4.5.0.41 Manual Firmware Update upgrade.html username/path command injection

Inserito da Angelo Barbosa | Giu 9, 2024 | CVE

A vulnerability classified as critical has been found in Mitel 6869i 4.5.0.41. Affected is an unknown function of the file upgrade.html of the component Manual Firmware Update Handler. The manipulation of the argument username/path leads to command injection.

This vulnerability is traded as CVE-2024-37570. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2024-37570 | Mitel 6869i 4.5.0.41 Manual Firmware Update upgrade.html username/path command injection

Post correlati

CVE-2023-48356 | Unisoc S8000 JPG Driver out-of-bounds write

CVE-2024-9029 | Freeimage tiff_read_iptc_profile heap-based overflow

CVE-2024-4629 | Red Hat Keycloak Bruteforce Protection improper enforcement of a single, unique action

CVE-2024-4391 | Happy Addons for Elementor Plugin up to 3.10.7 on WordPress Event Calendar Widget cross site scripting