CVE-2024-41925 | Optigo Networks ONS-S8 Spectra Aggregation Switch up to 1.3.7 filename control (icsa-24-275-01)

Inserito da Angelo Barbosa | Ott 2, 2024 | CVE

A vulnerability was found in Optigo Networks ONS-S8 Spectra Aggregation Switch up to 1.3.7 and classified as very critical. This issue affects some unknown processing. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

The identification of this vulnerability is CVE-2024-41925. The attack may be initiated remotely. There is no exploit available.

It is recommended to change the configuration settings.

CVE-2024-41925 | Optigo Networks ONS-S8 Spectra Aggregation Switch up to 1.3.7 filename control (icsa-24-275-01)

Post correlati

CVE-2023-42858 | Apple macOS prior 12.7/13.6/14.1 access control

CVE-2024-8834 | PDF-XChange Editor TIF File Parser out-of-bounds (ZDI-24-1257)

CVE-2024-23787 | Sharp Energy Management Controller with Cloud Services up to B0.1.9.1 path traversal

CVE-2024-39304 | ChurchCRM up to 5.9.1 /GetText.php EID sql injection (GHSA-2rh6-gr3h-83j9)