VYPR
Unrated severityNVD Advisory· Published Jun 9, 2024· Updated Oct 25, 2024

CVE-2024-37570

CVE-2024-37570

Description

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mitel/6869idescription
  • Mitel/6869illm-fuzzy
    Range: =4.5.0.41

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.