2 matches found
CVE-2022-24796
RaspberryMatic WebUI file upload vulnerability allows remote, unauthenticated RCE via shell metacharacters in HTTP query strings. The root cause is missing input validation/sanitization in the upload mechanism. Affected versions are 2.31.25.20180428 through 3.63.7.20220226 (note: exact upper boun...
CVE-2024-24578
CVE-2024-24578 affects RaspberryMatic / OCCU prior to 3.75.6.20240316. The vulnerability stems from multiple issues in the Java HMIPServer.jar, enabling unauthenticated RCE via the Firmware upload UI at /pages/jpages (Zip Slip). An attacker can upload a malicious archive that is extracted without...