CVE-2019-11224
Description
OS command injection in HARMAN AMX MVP5150 v2.87.13 allows remote attackers to execute arbitrary commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OS command injection in HARMAN AMX MVP5150 v2.87.13 allows remote attackers to execute arbitrary commands.
Vulnerability
The HARMAN AMX MVP5150 touch panel running firmware version 2.87.13 is vulnerable to a remote OS command injection [1]. The vulnerability resides in the device's web interface or similar network-accessible component, allowing an attacker to inject arbitrary operating system commands [2].
Exploitation
An attacker can exploit this vulnerability remotely, without requiring authentication or user interaction, by sending specially crafted HTTP requests to the device [1][2]. The exact sequence of steps is not disclosed in available references.
Impact
Successful exploitation enables an attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected process, potentially leading to full device compromise, data exfiltration, or further network penetration [1][2].
Mitigation
The vendor has released firmware version 2.87.35, which addresses the vulnerability [2]. Users should contact AMX technical support to obtain the fixed firmware and upgrade immediately. No other workarounds are documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- HARMAN/AMX MVP5150description
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2News mentions
0No linked articles in our index yet.