ID
CVE
TITLE
VIVOTEK Inc. of cc8160 Command injection vulnerability in firmware
sources:
JVNDB: JVNDB-2024-005012
DESCRIPTION
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotely. The identifier VDB-273525 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. VIVOTEK Inc. of cc8160 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
sources:
NVD: CVE-2024-7440 //
JVNDB: JVNDB-2024-005012
AFFECTED PRODUCTS
| vendor: | vivotek | model: | cc8160 | scope: | eq | version: | - | |
| vendor: | vivotek | model: | cc8160 | scope: | eq | version: | cc8160 firmware | |
| vendor: | vivotek | model: | cc8160 | scope: | - | version: | - | |
sources:
JVNDB: JVNDB-2024-005012 //
NVD: CVE-2024-7440
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| cna@vuldb.com: | CVE-2024-7440 | |
|
| value: | MEDIUM | | | nvd@nist.gov: | CVE-2024-7440 | |
|
| value: | CRITICAL | | | OTHER: | JVNDB-2024-005012 | |
|
| value: | CRITICAL | |
| | cna@vuldb.com: | CVE-2024-7440 | |
|
| severity: | MEDIUM | | baseScore: | 6.5 | | vectorString: | AV:N/AC:L/AU:S/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | SINGLE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | 8.0 | | impactScore: | 6.4 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | OTHER: | JVNDB-2024-005012 | |
|
| severity: | MEDIUM | | baseScore: | 6.5 | | vectorString: | AV:N/AC:L/AU:S/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | SINGLE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | NONE | | impactScore: | NONE | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | cna@vuldb.com: | CVE-2024-7440 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 6.3 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | LOW | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | LOW | | integrityImpact: | LOW | | availabilityImpact: | LOW | | exploitabilityScore: | 2.8 | | impactScore: | 3.4 | | version: | 3.1 | | | nvd@nist.gov: | CVE-2024-7440 | |
|
| baseSeverity: | CRITICAL | | baseScore: | 9.8 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | 3.9 | | impactScore: | 5.9 | | version: | 3.1 | | | NVD: | JVNDB-2024-005012 | |
|
| baseSeverity: | CRITICAL | | baseScore: | 9.8 | | vectorString: | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
JVNDB: JVNDB-2024-005012 //
NVD: CVE-2024-7440 //
NVD: CVE-2024-7440
PROBLEMTYPE DATA
| problemtype: | CWE-77 | |
| problemtype: | Command injection (CWE-77) [NVD evaluation ] | |
sources:
JVNDB: JVNDB-2024-005012 //
NVD: CVE-2024-7440
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-7440 | |
| db: | VULDB | id: | 273525 | |
| db: | JVNDB | id: | JVNDB-2024-005012 | |
sources:
JVNDB: JVNDB-2024-005012 //
NVD: CVE-2024-7440
REFERENCES
| url: | https://vuldb.com/?submit.383839 | |
| url: | https://vuldb.com/?ctiid.273525 | |
| url: | https://vuldb.com/?id.273525 | |
| url: | https://yjz233.notion.site/0213043a8c7e498a9e73a0b6f0fa9f29?pvs=4 | |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-7440 | |
sources:
JVNDB: JVNDB-2024-005012 //
NVD: CVE-2024-7440
SOURCES
| db: | JVNDB | id: | JVNDB-2024-005012 |
| db: | NVD | id: | CVE-2024-7440 |
LAST UPDATE DATE
2024-08-15T12:49:54.523000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2024-005012 | date: | 2024-08-08T03:13:00 |
| db: | NVD | id: | CVE-2024-7440 | date: | 2024-08-07T21:15:41.940 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2024-005012 | date: | 2024-08-08T00:00:00 |
| db: | NVD | id: | CVE-2024-7440 | date: | 2024-08-03T17:15:49.667 |
