High severity7.3NVD Advisory· Published Dec 10, 2024· Updated Jun 17, 2026
CVE-2024-28138
CVE-2024-28138
Description
An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.