CVE-2024-3871

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-77
View all →

Vulnerability Description

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.

Related Vulnerabilities

CVE-2005-2773

CRITICAL
CVSS:9.8(Critical)

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3)...

CWE-772005

CVE-2007-3010

CRITICAL
CVSS:9.8(Critical)

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user...

CWE-772007

CVE-2008-7313

CRITICAL
CVSS:9.8(Critical)

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.

CWE-772008

CVE-2008-7315

CRITICAL
CVSS:9.8(Critical)

UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.

CWE-772008

CVE-2008-7319

CRITICAL
CVSS:9.8(Critical)

The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing ...

CWE-772008

CVE-2009-5156

CRITICAL
CVSS:9.8(Critical)

An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.

CWE-772009