On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-06-09T00:00:00
Updated: 2024-08-02T03:57:39.798Z
Reserved: 2024-06-09T00:00:00
Link: CVE-2024-37570
Vulnrichment
Updated: 2024-06-10T19:43:04.207Z
NVD
Status : Modified
Published: 2024-06-09T20:15:09.460
Modified: 2024-08-01T13:53:45.687
Link: CVE-2024-37570
Redhat
No data.