CISA Known Exploited Vulnerability (KEV)
Sunhillo SureLine OS Command Injection Vulnerablity
March 5, 2024
March 26, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.
References
Weakness Enumeration
CWE-ID | CWE Name |
---|---|
CWE-78 |
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |