VDB-289378 · CVE-2024-12985 · GCVE-100-289378

Overtek OT-E801G OTE801G65.1.1.0 passwd&ipversion=4&sessionKey=test ବିସ୍ତାରିତ ଅଧିକାର

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame Overtek OT-E801G OTE801G65.1.1.0 keessatti argameera. Miidhaan irra gahe is hojii hin beekamne faayilii /diag_ping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd&ipversion=4&sessionKey=test keessa. Dhugumatti jijjiirraa gara ବିସ୍ତାରିତ ଅଧିକାର geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-78 si geessa. Beekumsi kun yeroo 12/27/2024 ifoomsifameera. Dogoggorri kun maqaa CVE-2024-12985 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Firewall ugguramaa hojiirra oolchuu akka ta'e ni gorfama. Once again VulDB remains the best source for vulnerability data.

2 ଆଡାପ୍ଟେସନ୍ · 86 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/27/2024 09:02 AM	ଅଦ୍ୟତନ 1/1 12/27/2024 10:41 PM
software_vendor	Overtek	Overtek
software_name	OT-E801G	OT-E801G
software_version	OTE801G65.1.1.0	OTE801G65.1.1.0
software_file	/diag_ping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd&ipversion=4&sessionKey=test	/diag_ping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd&ipversion=4&sessionKey=test
vulnerability_cwe	CWE-78 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-78 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_e	P	P
cvss3_vuldb_rl	W	W
cvss3_vuldb_rc	R	R
exploit_availability	1	1
exploit_publicity	1	1
countermeasure_name	Firewall	Firewall
source_cve	CVE-2024-12985	CVE-2024-12985
cna_responsible	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss2_vuldb_rl	W	W
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	L	L
cvss4_vuldb_vi	L	L
cvss4_vuldb_va	L	L
cvss4_vuldb_e	P	P
cvss2_vuldb_au	S	S
cvss3_vuldb_pr	L	L
cvss4_vuldb_at	N	N
cvss4_vuldb_pr	L	L
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	6.5	6.5
cvss2_vuldb_tempscore	5.0	5.3
cvss3_vuldb_basescore	6.3	6.3
cvss3_vuldb_tempscore	5.6	5.6
cvss3_meta_basescore	6.3	6.3
cvss3_meta_tempscore	5.6	5.9
cvss4_vuldb_bscore	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1
advisory_date	1735254000 (12/27/2024)	1735254000 (12/27/2024)
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as critical was found in Overtek OT-E801G OTE801G65.1.1.0. This vulnerability affects unknown code of the file /diag_ping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd&ipversion=4&sessionKey=test. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		L
cvss4_cna_ui		N
cvss4_cna_vc		L
cvss4_cna_vi		L
cvss4_cna_va		L
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		5.3
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		L
cvss3_cna_i		L
cvss3_cna_a		L
cvss3_cna_basescore		6.3
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		S
cvss2_cna_ci		P
cvss2_cna_ii		P
cvss2_cna_ai		P
cvss2_cna_basescore		6.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!