CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-34852: F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the...

Description

F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands.

Classification

CVE ID: CVE-2024-34852

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.98% (scored less or equal to compared to others)

EPSS Date: 2025-03-14 (when was this score calculated)

References

https://github.com/Yang-Nankai/Vulnerabilities/blob/main/DataCube3%20Shell%20Code%20Injection.md

Timeline

2025-02-14 00:32:06 UTC
CVE

F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the...