Unrated severityNVD Advisory· Published Jun 9, 2024· Updated Oct 25, 2024
CVE-2024-37570
CVE-2024-37570
Description
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Mitel/6869idescription
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.