8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.0%
Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo function.
CVE ID: CVE-2024-22900
Title: Command Injection Vulnerability in Vinchin Backup and Recovery Versions 7.2 and Earlier
Description:
A critical security vulnerability, identified as CVE-2024-22900, has been discovered in Vinchin Backup and Recovery software, affecting versions 7.2 and earlier. The vulnerability is present in the `setNetworkCardInfo` function, which is intended to update network card information.
Details:
1. The function collects the `NAME` parameter from the user request and assigns it to a variable `$name`.
2. The `NAME` parameter value is then used to construct a file path in the `setNetworkCardInfo` function, leading to potential command injection.
3. The vulnerability arises from the use of user-supplied input in system commands without proper validation and sanitization.
Impact:
This vulnerability allows an attacker to inject arbitrary commands via the `NAME` parameter, potentially leading to unauthorized access or control over the affected system.
Current Status:
As of the current date, there is no known patch available for this vulnerability. Users of Vinchin Backup and Recovery versions 7.2 and earlier are at risk.
Recommendation:
It is strongly recommended that users of the affected software versions remain vigilant and monitor Vinchin's updates for a security patch. Upon release of a patch, users should prioritize updating their systems to mitigate this security risk.
Signed,Valentin Lobstein
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.0%