CVE-2024-8330

Published: Aug 30, 2024Modified: Sep 5, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server.

Affected (1)

Products: 6shr System Project: 6shr System

6shr System Project

1 product

6shr System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
6shr System Project 6shr System	All versions

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.twcert.org.tw/en/cp-139-8035-53926-2.html

Source: twcert@cert.org.tw

Vendor Advisory

https://www.twcert.org.tw/tw/cp-132-8031-a2f21-1.html

Source: twcert@cert.org.tw

Vendor Advisory

Timeline

No history available yet.