Description

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which could allow an attacker to pass commands to this program via command line arguments to gain elevated root privileges.

INFO

Published Date :

2024-11-08T00:00:00.000Z

Last Modified :

2024-11-18T14:43:39.165Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-48073 vulnerability.

Vendors Products
Sunniwell
  • Ht3300 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-48073.

URL Resource
https://gist.github.com/Giles-one/56f677b96aab5a67fbe31dd41fd1303d cve-icon cve-icon
https://github.com/Giles-one/sunniwellHT3300PrivilegeEscalation cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact