Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-273527. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vivotek | Sd9364 Firmware | - |
| Vivotek | Sd9364 | - |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.273527Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.273527Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?submit.383843Third Party AdvisoryVDB Entry
- https://yjz233.notion.site/vivotek-SD9364-has-command-injection-vulnerability-inPermissions Required
FAQ
What is CVE-2024-7442?
CVE-2024-7442 is a vulnerability with a CVSS score of 6.3 (MEDIUM). ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulat...
How severe is CVE-2024-7442?
CVE-2024-7442 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-7442?
Check the references section above for vendor advisories and patch information. Affected products include: Vivotek Sd9364 Firmware, Vivotek Sd9364.