What the vulnerability does
01Description
Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution.
CVSS base score
9.9/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Key dates
02Disclosure timeline
November 20, 2023
CVE published
August 29, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-0298 Totolink N200RE cstecgi.cgi setDiagnosisCfg os command injection
CVE-2026-42290 protobufjs-cli: OS Command Injection
CVE-2023-47209
CVE-2020-37125 Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution
CVE-2026-5678 Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection
