A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads to os command injection.
This vulnerability is known as CVE-2024-7066. The attack can be launched remotely. Furthermore, there is an exploit available.