CVE-2024-7443 | Vivotek IB8367A VVTK-0100b upload_file.cgi getenv QUERY_STRING command injection

A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is traded as CVE-2024-7443. It is possible to launch the attack remotely. There is no exploit available.

Vendor was contacted early and confirmed that the affected release tree is end-of-life.

It is recommended to apply restrictive firewalling.

CVE-2024-7443 | Vivotek IB8367A VVTK-0100b upload_file.cgi getenv QUERY_STRING command injection

Related Posts

CVE-2024-8869 | TOTOLINK A720R 4.1.5 exportOvpn os command injection

CVE-2024-35706 | Team Heateor Heateor Social Login Plugin up to 1.1.32 on WordPress cross site scripting

CVE-2024-52024 | Netgear XR300/R6400/R7000P HTTP POST Request wizpppoe.cgi pppoe_localip stack-based overflow

CVE-2024-0246 | IceWarp 12.0.2.1/12.0.3.1 Utility Download /install/ lang cross site scripting