cbcvebase.
CVE-2024-28025
published 2024-11-21

CVE-2024-28025: Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially…

PriorityP356high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
7.50%
93.7th percentile
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `btn1` parameter, at offset `0x8eb0`.

Affected

2 ranges
VendorProductVersion rangeFixed in
mc-technologiesmc_lr_router_firmware
mc_technologiesmc_lr_router
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.