Vulnerability CVE-2024-22900


Published: 2024-02-02

Description:
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection
Valentin Lobstei...
26.01.2024

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
http://vinchin.com
https://seclists.org/fulldisclosure/2024/Jan/29
https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/

Copyright 2024, cxsecurity.com

 

Back to Top