CVE-2024-43385 | Phoenix Contact FL MGUARD 2102 PROXY_HTTP_PORT os command injection (VDE-2024-039)

A vulnerability classified as critical was found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN. Affected by this vulnerability is an unknown functionality. The manipulation of the argument PROXY_HTTP_PORT leads to os command injection.

This vulnerability is known as CVE-2024-43385. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-43385 | Phoenix Contact FL MGUARD 2102 PROXY_HTTP_PORT os command injection (VDE-2024-039)

Related Posts

CVE-2024-34490 | Maxima up to 5.47.0 /tmp temp file (51704c)

CVE-2024-30631 | Tenda FH1205 2.0.0.7(775) /goform/openSchedWifi setSchedWifi schedStartTime stack-based overflow

CVE-2024-30560 | 大侠WP DX-Watermark Plugin up to 1.0.4 on WordPress cross-site request forgery

CVE-2024-4459 | Themesflat Addons for Elementor Plugin up to 2.1.1 on WordPress Widget Titles cross site scripting