CVE-2024-1491

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-306
View all →

Vulnerability Description

The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.

Related Vulnerabilities

CVE-2002-1810

HIGH
CVSS:7.5(High)

D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the admin...

CWE-3062002

CVE-2011-4322

HIGH
CVSS:7.5(High)

websitebaker prior to and including 2.8.1 has an authentication error in backup module.

CWE-3062011

CVE-2013-1793

HIGH
CVSS:7.5(High)

openstack-utils openstack-db has insecure password creation

CWE-3062013

CVE-2015-5201

HIGH
CVSS:7.5(High)

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3....

CWE-3062015

CVE-2016-6544

HIGH
CVSS:7.5(High)

getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.

CWE-3062016

CVE-2017-0919

HIGH
CVSS:7.5(High)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform...

CWE-3062017