← back
CVE-2024-9166

OS Command Injection in Atelmo Atemio AM 520 HD Full HD Satellite Receiver

CVSS 9.3 CRITICALEPSS 1.6%CWE-78
Vexday Risk Score
63High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.3EPSS 1.6%KEV nãoPoC públicaNuclei simMetasploit Patch
Lifecycle
26 Sep 2024Published on NVD
26 Sep 2024Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.