Lucene search

VulDBCVELIST:CVE-2024-4582

HistoryMay 07, 2024 - 11:00 a.m.

CVE-2024-4582 Faraday GM8181/GM828x NTP Service os command injection

2024-05-0711:00:05

CWE-78

VulDB

www.cve.org

cve-2024-4582; faraday gm8181; gm828x; ntp service; os command injection; critical; remote attack; upgrade; vdb-263304

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.9 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-263304.

CNA Affected

[
  {
    "vendor": "Faraday",
    "product": "GM8181",
    "versions": [
      {
        "version": "20240429",
        "status": "affected"
      }
    ],
    "modules": [
      "NTP Service"
    ]
  },
  {
    "vendor": "Faraday",
    "product": "GM828x",
    "versions": [
      {
        "version": "20240429",
        "status": "affected"
      }
    ],
    "modules": [
      "NTP Service"
    ]
  }
]

References

file.notion.so/f/f/3f67e7ef-2ba8-446a-9721-f87d0baa1695/fa61d774-823d-4516-8ff3-73c310ff7801/command_injection_submit.py?id=6d18aced-daaa-4e52-a0e8-9d1c5e00acee&table=block&spaceId=3f67e7ef-2ba8-446a-9721-f87d0baa1695&expirationTimestamp=171514800

netsecfish.notion.site/Command-Injection-in-Faraday-Technology-GM828x-GM8181-DVR-1bc02d17ee5540a08273da2850e809c4?pvs=4

vuldb.com/?ctiid.263304

vuldb.com/?id.263304

vuldb.com/?submit.324393

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.9 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2024-4582