We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | talos |
Reserved | 2023-12-07 |
Published | 2024-07-08 |
Updated | 2024-08-02 |
Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `targetAPSsid` request's parameter.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Discovered by Francesco Benvenuto of Cisco Talos.
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899