Description

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion.This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The `commit_multicast` page used to configure multicasts in the modem's web administration interface uses improperly parses incoming data from the request before passing it to an `eval` statement in a bash script. This allows attackers to inject arbitrary shell commands.

INFO

Published Date :

2025-01-17T14:01:03.084Z

Last Modified :

2025-01-17T14:49:20.740Z

Source :

NCSC.ch
AFFECTED PRODUCTS

The following products are affected by CVE-2024-13502 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-13502.

URL Resource
https://doi.org/10.1145/3643833.3656139 cve-icon cve-icon
https://www.youtube.com/watch?v=-pxmly8xeas cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability