CVE-2024-9154 | THREATINT

Description

A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633).

PUBLISHED Reserved 2024-09-24 | Published 2024-12-19 | Updated 2024-12-22 | Assigner CyberDanube

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-94 Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unaffected

Any version

affected

Credits

Thomas Fankhauser (CyberDanube) finder

References

seclists.org/fulldisclosure/2024/Dec/18

cyberdanube.com/...-remote-code-execution-in-ewon-flexy-205/

cve.org (CVE-2024-9154)

nvd.nist.gov (CVE-2024-9154)

Download JSON