CVE-2024-4582

HIGH Year: 2024
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-78
View all →

Vulnerability Description

A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-263304.

Related Vulnerabilities

CVE-2019-18934

HIGH
CVSS:7.3(High)

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was ...

CWE-782019

CVE-2020-28426

HIGH
CVSS:7.3(High)

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.

CWE-782020

CVE-2020-7778

HIGH
CVSS:7.3(High)

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

CWE-782020

CVE-2021-23380

HIGH
CVSS:7.3(High)

This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to exec...

CWE-782021

CVE-2021-33633

HIGH
CVSS:7.3(High)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated wit...

CWE-782021

CVE-2021-43266

HIGH
CVSS:7.3(High)

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 2...

CWE-782021