Description

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that includes malicious command sequences, allowing arbitrary commands to be executed on the server with the privileges of the web server user. This vulnerability is exploitable remotely and poses significant risk if the application is exposed to untrusted networks.

INFO

Published Date :

2024-09-03T00:00:00.000Z

Last Modified :

2024-09-04T13:35:17.037Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-44809 vulnerability.

Vendors Products
Recantha
  • Pi Camera Project
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-44809.

URL Resource
https://github.com/recantha/camera-pi/blob/ef018d212288cb16404f0b050593d20f0dc0467b/www/tilt.php#L4 cve-icon cve-icon
https://jacobmasse.medium.com/cve-2024-44809-remote-code-execution-in-raspberry-pi-camera-project-4b8e3486a628 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact