Vulners
Lucene search
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection
🗓️ 26 Jan 2024 00:00:00Reported by Valentin LobsteinType 
packetstorm🔗 packetstormsecurity.com👁 313 Views
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection Vulnerability | 29 Jan 202400:00 | – | zdt |
 | CVE-2024-22900 | 26 Jan 202416:22 | – | circl |
 | Vinchin Backup and Recovery Operating System Command Injection Vulnerability | 26 Jan 202400:00 | – | cnnvd |
 | CVE-2024-22900 | 2 Feb 202400:00 | – | cve |
 | CVE-2024-22900 | 2 Feb 202400:00 | – | cvelist |
 | EUVD-2024-20425 | 3 Oct 202520:07 | – | euvd |
 | CVE-2024-22900 | 2 Feb 202402:15 | – | nvd |
 | Remote code execution | 2 Feb 202402:15 | – | prion |
 | PT-2024-1551 · Vinchin · Vinchin Backup & Recovery | 11 Jan 202400:00 | – | ptsecurity |
 | CVE-2024-22900 | 23 May 202509:35 | – | redhatcve |
10
`CVE ID: CVE-2024-22900
Title: Command Injection Vulnerability in Vinchin Backup and Recovery Versions 7.2 and Earlier
Description:
A critical security vulnerability, identified as CVE-2024-22900, has been discovered in Vinchin Backup and Recovery software, affecting versions 7.2 and earlier. The vulnerability is present in the `setNetworkCardInfo` function, which is intended to update network card information.
Details:
1. The function collects the `NAME` parameter from the user request and assigns it to a variable `$name`.
2. The `NAME` parameter value is then used to construct a file path in the `setNetworkCardInfo` function, leading to potential command injection.
3. The vulnerability arises from the use of user-supplied input in system commands without proper validation and sanitization.
Impact:
This vulnerability allows an attacker to inject arbitrary commands via the `NAME` parameter, potentially leading to unauthorized access or control over the affected system.
Current Status:
As of the current date, there is no known patch available for this vulnerability. Users of Vinchin Backup and Recovery versions 7.2 and earlier are at risk.
Recommendation:
It is strongly recommended that users of the affected software versions remain vigilant and monitor Vinchin's updates for a security patch. Upon release of a patch, users should prioritize updating their systems to mitigate this security risk.
Signed,Valentin Lobstein
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Jan 2024 00:00Current
7.4High risk
Vulners AI Score7.4
EPSS0.03859