CVE-2024-3346

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Apr 5, 2024

Updated: Jun 4, 2024

CWE ID 79

Summary

CVE-2024-3346 is a critical vulnerability affecting the Byzoro Smart S80 up to version 20240328. This issue lies in the unknown code of the file /log/webmailattach.php, where manipulation of the mail_file_path argument can lead to os command injection. An attacker can initiate this exploit remotely, and the vulnerability has been publicly disclosed, increasing the risk of exploitation. The Various Database (VDB) has assigned the identifier VDB-259450 to this vulnerability. Regrettably, the vendor was contacted about this disclosure but did not respond, leaving users exposed to potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vjz2IV
https://www.cve.org/CVERecord?id=CVE-2024-3346
https://nvd.nist.gov/vuln/detail/CVE-2024-3346

Back to Vulnerability Database

CVE-2024-3346

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations