CVE-2024-8330

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 30, 2024
Updated: Sep 5, 2024
CWE ID 434

Summary

CVE-2024-8330 identifies a vulnerability in the 6SHR system from Gether Technology, which fails to validate uploaded file types, allowing remote attackers to upload web shell scripts. This flaw affects products designated as yLCBPC and poses a high risk, with a CVSS base score of 8.8, indicating significant potential for integrity and confidentiality impacts. Attackers can exploit this vulnerability with low privileges and no user interaction, making it easier to execute arbitrary commands on the server. To remediate this issue, organizations should implement strict validation checks for file uploads and restrict executable file types. Failure to address this vulnerability could lead to severe consequences, including unauthorized access and control over affected systems.
