CVE-2024-7442 Vivotek SD9364 upload_file.cgi getenv command injection

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file uploadfile.cgi. The manipulation of the argument QUERYSTRING leads to command injection. The attack may be initiated remotely. The...

CVE-2021-21907

A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...