CVE-2024-46658
Published 2024-10-03
CVE-2024-46658: Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability.
Priority P3 · 56 · high · 8 CVSS 3.1
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 23.11% (97.5th percentile)
Suricata
ET WEB_SPECIFIC_APPS Syrotec/GPON shellCMDExec command Parameter Command Injection Attempt (CVE-2024-46658)
suricata·2025-10-16·CVSS 8.0
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Syrotec/GPON shellCMDExec command Parameter Command Injection Attempt (CVE-2024-46658)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/cgi/home.php|3f|"; startswith; content:"fun|3d|system"; content:"page=shellCMDExec"; fast_pattern; content:"command|3d|"; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,github.com/jackalkarlos/CVE-2024-46658/tree/main; reference:cve,2024-46658; classtype:attempted-admin; sid:2065217; rev:1; metadata:affected_product Syrotec, attack_target Networking_Equipment, tls_state plaintext, create
No public exploits indexed.
No writeups or analysis indexed.
2024-10-03
Published