OpenCVE

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authetnicated OS Command injection that occurs through the attacker-controlled `timer1` parameter, at offset `0x8e80`.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Mc Technologies	Mc Lr Router

No data.

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953

History

Fri, 22 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mc Technologies Mc Technologies mc Lr Router
CPEs		cpe:2.3:a:mc_technologies:mc_lr_router::::::::
Vendors & Products		Mc Technologies Mc Technologies mc Lr Router
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 21 Nov 2024 14:45:00 +0000

Type	Values Removed	Values Added
Description		Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authetnicated OS Command injection that occurs through the attacker-controlled `timer1` parameter, at offset `0x8e80`.
Weaknesses		CWE-78
References		https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-11-21T14:41:20.405Z

Updated: 2024-11-22T14:18:19.229Z

Reserved: 2024-02-29T21:52:03.205Z

Link: CVE-2024-28027

Vulnrichment

Updated: 2024-11-22T14:18:14.268Z

NVD

Status : Received

Published: 2024-11-21T15:15:28.663

Modified: 2024-11-21T15:15:28.663

Link: CVE-2024-28027

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28027", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-02-29T21:52:03.205Z", "datePublished": "2024-11-21T14:41:20.405Z", "dateUpdated": "2024-11-22T14:18:19.229Z"}, "containers": {"cna": {"affected": [{"vendor": "MC Technologies", "product": "MC LR Router", "versions": [{"version": "2.10.5 (QEMU)", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authetnicated OS Command injection that occurs through the attacker-controlled `timer1` parameter, at offset `0x8e80`."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE", "cweId": "CWE-78"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-11-21T14:41:20.405Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953"}], "credits": [{"lang": "en", "value": "Discovered by Matt Wiseman of Cisco Talos."}]}, "adp": [{"affected": [{"vendor": "mc_technologies", "product": "mc_lr_router", "cpes": ["cpe:2.3:a:mc_technologies:mc_lr_router:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.10.5qemu", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-22T14:16:17.471625Z", "id": "CVE-2024-28027", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-22T14:18:19.229Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"credits": [{"lang": "en", "value": "Discovered by Matt Wiseman of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "MC Technologies", "product": "MC LR Router", "versions": [{"status": "affected", "version": "2.10.5 (QEMU)"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953"}], "descriptions": [{"lang": "en", "value": "Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authetnicated OS Command injection that occurs through the attacker-controlled `timer1` parameter, at offset `0x8e80`."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-11-21T14:41:20.405Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28027", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-22T14:16:17.471625Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mc_technologies:mc_lr_router:*:*:*:*:*:*:*:*"], "vendor": "mc_technologies", "product": "mc_lr_router", "versions": [{"status": "affected", "version": "2.10.5qemu"}], "defaultStatus": "unknown"}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-11-22T14:18:14.268Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-28027", "state": "PUBLISHED", "dateUpdated": "2024-11-21T14:41:20.405Z", "dateReserved": "2024-02-29T21:52:03.205Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-11-21T14:41:20.405Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}