2 matches found
CVE-2024-7442 Vivotek SD9364 upload_file.cgi getenv command injection
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file uploadfile.cgi. The manipulation of the argument QUERYSTRING leads to command injection. The attack may be initiated remotely. The...
CVE-2024-7442
Affected product: Vivotek SD9364 VVTK-0103f. Vulnerable component: getenv in upload_file.cgi. Root cause: manipulation of the QUERY_STRING enables command injection. Exploitation appears to be remote. Notes indicate the affected release tree is end-of-life and maintained by vendor has ended; no p...