CVE-2024-41339

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-434
View all →

Vulnerability Description

An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload a crafted kernel module, allowing for arbitrary code execution.

Related Vulnerabilities

CVE-2010-3663

HIGH
CVSS:8.8(High)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arb...

CWE-4342010

CVE-2011-1597

HIGH
CVSS:8.8(High)

OpenVAS Manager v2.0.3 allows plugin remote code execution.

CWE-4342011

CVE-2011-4334

HIGH
CVSS:8.8(High)

edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the user...

CWE-4342011

CVE-2012-1592

HIGH
CVSS:8.8(High)

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

CWE-4342012

CVE-2013-1916

HIGH
CVSS:8.8(High)

In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (exe...

CWE-4342013

CVE-2013-3591

HIGH
CVSS:8.8(High)

vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability

CWE-4342013