CVE-2024-7440 | Vivotek CC8160 VVTK-0100d upload_file.cgi getenv QUERY_STRING command injection

A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is uniquely identified as CVE-2024-7440. It is possible to initiate the attack remotely. There is no exploit available.

Vendor was contacted early and confirmed that the affected release tree is end-of-life.

It is recommended to apply restrictive firewalling.

CVE-2024-7440 | Vivotek CC8160 VVTK-0100d upload_file.cgi getenv QUERY_STRING command injection

Related Posts

CVE-2024-31408 | AIPHONE IX-MV Request os command injection

CVE-2024-1595 | Delta Electronics CNCSoft-B DOPSoft prior 4.0.0.82 uncontrolled search path (icsa-24-053-01)

CVE-2024-33512 | Aruba ArubaOS 8.10.0.11/8.11.2.2/10.4.1.1/10.5.1.1 Local User Authentication Database Service buffer overflow (ARUBA-PSA-2024-004)

CVE-2024-46749 | Linux Kernel up to 6.6.50/6.10.9 Bluetooth btnxpuart_flush null pointer dereference (013dae4735d2/056e0cd381d5/c68bbf5e334b)