Description

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq endpoint fails to sanitize shell metacharacters sent via JSON parameters, thus allowing attackers to execute arbitrary OS commands with root privileges.

INFO

Published Date :

2025-02-27T00:00:00.000Z

Last Modified :

2025-03-04T14:34:58.859Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-53944 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-53944.

URL Resource
http://www.tuoshi.net/productview.asp?id=218 cve-icon cve-icon
http://www.tuoshi.net/productview.asp?id=226 cve-icon cve-icon
https://github.com/actuator/cve/blob/main/Tuoshi/CVE-2024-53944-Whitepaper.pdf cve-icon cve-icon cve-icon
https://github.com/actuator/cve/blob/main/Tuoshi/CVE-2024-53944.txt cve-icon cve-icon
https://github.com/actuator/cve/blob/main/Tuoshi/Firmware-M7628NNxISPv2xUI_v1.0.1802.10.08_P4-Blind-CMD-Injection-unauth-WAN.gif cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact