#VU101067 Command Injection in NEC Corporation products - CVE-2024-11013

 


Published: December 2, 2024


Vulnerability identifier: #VU101067
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-11013
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
IX2105
IX2106
IX2107
IX2025
IX2207
IX2215
IX2235
IX2310
IX3015
IX3110
IX3315
IX-R2530
IX-R2520
IX-V100
Software vendor:
NEC Corporation

Description

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can send a specially crafted WebGUI message and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.
