Vulnerability CVE-2024-41925
Published: 2024-10-03   Modified: 2024-10-04

Description:
The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.

Type:

CWE-98

 (Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion'))

 References:
https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01
Copyright 2024, cxsecurity.com

 

Back to Top