A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${IFS}-a leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.228911 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.228911 | Permissions Required Third Party Advisory |
Configurations
History
24 May 2023, 01:06
Type | Values Removed | Values Added |
---|---|---|
First Time |
Catontechnology caton Live
Catontechnology |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://vuldb.com/?id.228911 - Permissions Required, Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.228911 - Permissions Required, Third Party Advisory | |
CPE | cpe:2.3:a:catontechnology:caton_live:*:*:*:*:*:*:*:* |
12 May 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-12 13:15
Updated : 2024-05-17 02:23
NVD link : CVE-2023-2682
Mitre link : CVE-2023-2682
CVE.ORG link : CVE-2023-2682
JSON object : View
Products Affected
catontechnology
- caton_live
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')