CVE-2024-8073

Published: Aug 26, 2024Modified: Sep 12, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.

Affected (2)

Products: Hillstonenet: Web Application Firewall

Hillstonenet

1 product

Web Application Firewall

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hillstonenet Web Application Firewall	Version 5.5r6-2.6.7
Hillstonenet Web Application Firewall	Version 5.5r6-2.8.13

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (1)

https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/

Source: sec@hillstonenet.com

Vendor Advisory

Timeline

No history available yet.