Lucene search

CVE-2024-31970

🗓️ 24 Jul 2024 16:06:15Reported by mitreType

cve🔗 web.nvd.nist.gov👁 50 Views🌐 WEB

AdTran SRG 834-5 HDC17600021F1 devices have default admin credentials allowing unauthorized root access

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
Vulnrichment	CVE-2024-31970	24 Jul 202400:00	–	vulnrichment
Cvelist	CVE-2024-31970	24 Jul 202400:00	–	cvelist
NVD	CVE-2024-31970	24 Jul 202416:15	–	nvd
OpenVAS	SSH Brute Force Logins With Default Credentials Reporting	2 Nov 201600:00	–	openvas
GithubExploit	Exploit for Missing Authentication for Critical Function in 7-Eleven Hello Cup	21 Jan 202301:57	–	githubexploit

Nvd

Node

adtran sdg_smartosRange<12.1.3.1

AND

adtran 834-5Match-

Source	Link
github	www.github.com/actuator/cve/blob/main/AdTran/CVE-2024-31970
github	www.github.com/actuator/cve/blob/main/AdTran/SRG-834-5
supportcommunity	www.supportcommunity.adtran.com/t5/Security-Advisories/ADTSA-2024001-Multiple-vulnerabilities-in-Service-Delivery-Gateway-products/ta-p/39332

Parameter	Position	Path	Description	CWE
JSON parameters	request body	/goform/formJsonAjaxReq	The /goform/formJsonAjaxReq endpoint fails to sanitize shell metacharacters, allowing command injection.	CWE-78
2.4 GHz and 5 GHz name	query param	/cgi-bin/luci/nradio/basic/radio	The endpoint is vulnerable to command injection, allowing arbitrary command execution on the device.	CWE-78
ping utility parameters	query param	/cgi-bin/luci/admin	Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection.	CWE-78
2.4 GHz and 5 GHz name	query param	/cgi-bin/luci/admin/opsw/Dual_freq_un_apple	The endpoint is vulnerable to command injection, allowing arbitrary command execution.	CWE-78
ping or traceroute utility	query param	/cgi-bin/luci/admin	The endpoint allows OS command injection via shell metacharacters.	CWE-78
Wi-Fi SSID input fields	nested	/admin/wifi/wlan1	Allows remote attacker to conduct stored XSS attacks.	CWE-79
Wi-Fi SSID input fields	nested	/admin/wifi/wlan_guest	Allows remote attacker to conduct stored XSS attacks.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Jul 2024 16:15Current

9.8High risk

Vulners AI Score9.8

CVSS38.8

EPSS0.00165

SSVC

CWE-863