{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9977", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-10-15T05:58:52.332Z", "datePublished": "2024-10-15T12:31:04.419Z", "dateUpdated": "2024-10-15T13:27:02.177Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-15T12:31:04.419Z"}, "title": "MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}], "affected": [{"vendor": "MitraStar", "product": "GPT-2541GNAC", "versions": [{"version": "BR_g5.6_1.11(WVK.0)b26", "status": "affected"}], "modules": ["Firewall Settings Page"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /cgi-bin/settings-firewall.cgi der Komponente Firewall Settings Page. Durch das Beeinflussen des Arguments SrcInterface mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-10-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-10-15T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-10-15T08:05:28.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "peritocibernetico (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.280344", "name": "VDB-280344 | MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.280344", "name": "VDB-280344 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.423561", "name": "Submit #423561 | Mitrastar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/peritocibernetico/VivoCodeExecutionFirewall/", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "mitrastar", "product": "gpt-2541gnac", "cpes": ["cpe:2.3:h:mitrastar:gpt-2541gnac:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "BR_g5.6_1.11(WVK.0)b26", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T13:22:50.398862Z", "id": "CVE-2024-9977", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T13:27:02.177Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9977", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-15T13:22:50.398862Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mitrastar:gpt-2541gnac:-:*:*:*:*:*:*:*"], "vendor": "mitrastar", "product": "gpt-2541gnac", "versions": [{"status": "affected", "version": "BR_g5.6_1.11(WVK.0)b26"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T13:26:54.873Z"}}], "cna": {"title": "MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection", "credits": [{"lang": "en", "type": "reporter", "value": "peritocibernetico (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"}}], "affected": [{"vendor": "MitraStar", "modules": ["Firewall Settings Page"], "product": "GPT-2541GNAC", "versions": [{"status": "affected", "version": "BR_g5.6_1.11(WVK.0)b26"}]}], "timeline": [{"lang": "en", "time": "2024-10-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-10-15T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-10-15T08:05:28.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.280344", "name": "VDB-280344 | MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.280344", "name": "VDB-280344 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.423561", "name": "Submit #423561 | Mitrastar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/peritocibernetico/VivoCodeExecutionFirewall/", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /cgi-bin/settings-firewall.cgi der Komponente Firewall Settings Page. Durch das Beeinflussen des Arguments SrcInterface mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-10-15T12:31:04.419Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9977", "state": "PUBLISHED", "dateUpdated": "2024-10-15T13:27:02.177Z", "dateReserved": "2024-10-15T05:58:52.332Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-10-15T12:31:04.419Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Se trata de una funci\u00f3n desconocida del archivo /cgi-bin/settings-firewall.cgi del componente Firewall Settings Page. La manipulaci\u00f3n del argumento SrcInterface provoca la inyecci\u00f3n de comandos del sistema operativo. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Intentamos ponernos en contacto con el proveedor para informarle sobre la divulgaci\u00f3n, pero la direcci\u00f3n de correo oficial no funcionaba correctamente."}], "id": "CVE-2024-9977", "lastModified": "2024-10-16T16:38:43.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-10-15T13:15:11.457", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/peritocibernetico/VivoCodeExecutionFirewall/"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.280344"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.280344"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.423561"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}