All the vulnerabilites related to MC Technologies - MC LR Router
cve-2024-28025
Vulnerability from cvelistv5
Published
2024-11-21 14:41
Modified
2024-11-22 14:23
Severity ?
EPSS score ?
Summary
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `btn1` parameter, at offset `0x8eb0`.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MC Technologies | MC LR Router |
Version: 2.10.5 (QEMU) |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mc_technologies:mc_lr_router:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mc_lr_router",
"vendor": "mc_technologies",
"versions": [
{
"status": "affected",
"version": "2.10.5qemu"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28025",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T14:23:08.783606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T14:23:59.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MC LR Router",
"vendor": "MC Technologies",
"versions": [
{
"status": "affected",
"version": "2.10.5 (QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `btn1` parameter, at offset `0x8eb0`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T14:41:20.018Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-28025",
"datePublished": "2024-11-21T14:41:20.018Z",
"dateReserved": "2024-02-29T21:52:03.205Z",
"dateUpdated": "2024-11-22T14:23:59.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-21786
Vulnerability from cvelistv5
Published
2024-11-21 14:41
Modified
2024-11-22 14:25
Severity ?
EPSS score ?
Summary
An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MC Technologies | MC LR Router |
Version: 2.10.5 (QEMU) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-21T16:03:28.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1954"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mc_technologies:mc_lr_router:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mc_lr_router",
"vendor": "mc_technologies",
"versions": [
{
"status": "affected",
"version": "2.10.5qemu"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T14:24:32.247494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T14:25:07.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MC LR Router",
"vendor": "MC Technologies",
"versions": [
{
"status": "affected",
"version": "2.10.5 (QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T14:41:19.212Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1954",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1954"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-21786",
"datePublished": "2024-11-21T14:41:19.212Z",
"dateReserved": "2024-02-29T21:52:48.326Z",
"dateUpdated": "2024-11-22T14:25:07.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-28026
Vulnerability from cvelistv5
Published
2024-11-21 14:41
Modified
2024-11-22 14:22
Severity ?
EPSS score ?
Summary
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `out1` parameter, at offset `0x8efc`.
int out_ret = sscanf(current_param->key, "out%u", &io_idx);
if (out_ret == 1 && io_idx == 1)
{
// [4] Similar to `3`, but `out1` instead of `btn1`
if (asprintf(&command, "/usr/sbin/vout %s %u vo_manual", current_param->value, 1) > 0)
{
system(command);
return -1;
}
}
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MC Technologies | MC LR Router |
Version: 2.10.5 (QEMU) |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mc_technologies:mc_lr_router:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mc_lr_router",
"vendor": "mc_technologies",
"versions": [
{
"status": "affected",
"version": "2.10.5qemu"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28026",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T14:21:55.406688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T14:22:47.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MC LR Router",
"vendor": "MC Technologies",
"versions": [
{
"status": "affected",
"version": "2.10.5 (QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `out1` parameter, at offset `0x8efc`.\r\n\r\n \r\n int out_ret = sscanf(current_param-\u003ekey, \"out%u\", \u0026io_idx);\r\n if (out_ret == 1 \u0026\u0026 io_idx == 1)\r\n {\r\n // [4] Similar to `3`, but `out1` instead of `btn1`\r\n if (asprintf(\u0026command, \"/usr/sbin/vout %s %u vo_manual\", current_param-\u003evalue, 1) \u003e 0)\r\n {\r\n system(command);\r\n return -1;\r\n }\r\n }"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T14:41:20.234Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-28026",
"datePublished": "2024-11-21T14:41:20.234Z",
"dateReserved": "2024-02-29T21:52:03.205Z",
"dateUpdated": "2024-11-22T14:22:47.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-28027
Vulnerability from cvelistv5
Published
2024-11-21 14:41
Modified
2024-11-22 14:18
Severity ?
EPSS score ?
Summary
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authetnicated OS Command injection that occurs through the attacker-controlled `timer1` parameter, at offset `0x8e80`.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | MC Technologies | MC LR Router |
Version: 2.10.5 (QEMU) |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mc_technologies:mc_lr_router:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mc_lr_router",
"vendor": "mc_technologies",
"versions": [
{
"status": "affected",
"version": "2.10.5qemu"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28027",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T14:16:17.471625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T14:18:19.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MC LR Router",
"vendor": "MC Technologies",
"versions": [
{
"status": "affected",
"version": "2.10.5 (QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authetnicated OS Command injection that occurs through the attacker-controlled `timer1` parameter, at offset `0x8e80`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T14:41:20.405Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-28027",
"datePublished": "2024-11-21T14:41:20.405Z",
"dateReserved": "2024-02-29T21:52:03.205Z",
"dateUpdated": "2024-11-22T14:18:19.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}