CVE-2014-125001

Published: May 24, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.

Affected (1)

Products: Cardosystems: Scala Rider Q3 Firmware

1 product

Scala Rider Q3 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cardosystems Scala Rider Q3 Firmware	All versions

Running on/with	Platform Versions
Cardosystems Scala Rider Q3	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

http://www.remote-exploit.org/archives/2014/06/03/ride_with_the_devil/

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?id.13428

Source: cna@vuldb.com

Third Party Advisory

http://www.remote-exploit.org/archives/2014/06/03/ride_with_the_devil/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?id.13428

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.