Lucene search

TR-CERTVULNRICHMENT:CVE-2024-6699

HistoryJul 30, 2024 - 12:29 p.m.

CVE-2024-6699 SQLi in Mikafon Electronic's Mikafon MA7

2024-07-3012:29:42

CWE-89

TR-CERT

github.com

cve-2024-6699

sql injection

mikafon ma7

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N/AU:Y/R:U/V:C/RE:L

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

39.7%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection.This issue affects Mikafon MA7: from v3.0 before v3.1.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:mikafonelectronic:mikafon_ma7_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "mikafonelectronic",
    "product": "mikafon_ma7_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "3.0",
        "lessThan": "3.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.usom.gov.tr/bildirim/tr-24-1105

CVSS4

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N/AU:Y/R:U/V:C/RE:L

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

39.7%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-6699