Vulnerability Description
A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <= 3.01, SMP 351 <= 2.16, SMP 352 <= 2.16, and SME 211 <= 3.02 allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Extron | SMP 111 Firmware | <= 3.01 |
| Extron | SMP 111 | - |
| Extron | SMP 351 Firmware | <= 2.16 |
| Extron | SMP 351 | - |
| Extron | SMP 352 Firmware | <= 2.16 |
| Extron | SMP 352 | - |
| Extron | SME 211 Firmware | <= 3.02 |
| Extron | SME 211 | - |
Related Weaknesses (CWE)
References
- https://github.com/layer8secure/extron-smp-inject/ (Exploit, Third Party Advisory)
- https://ryanmroth.com/articles/exploiting-extron-smp-command-injection (Exploit, Third Party Advisory)
- https://www.extron.com/article/smp (Product)
FAQ
What is CVE-2024-50960?
CVE-2024-50960 is a vulnerability with a CVSS score of 7.2 (HIGH). A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <= 3.01, SMP 351 <= 2.16, SMP 352 <= 2.16, and SME 211 <= 3.02 allows a remote authenticated att...
How severe is CVE-2024-50960?
CVE-2024-50960 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-50960?
Check the references section above for vendor advisories and patch information. Affected products include: Extron SMP 111 Firmware, Extron SMP 111, Extron SMP 351 Firmware, Extron SMP 351, Extron SMP 352 Firmware.