Created on 2024-12-20 07:12 and updated on 2024-12-20 07:12.

Description

CVE-2024-20353 is a denial-of-service attack that allows a remote, unauthenticated attacker to cause the device to reload unexpectedly, resulting in a denial-of-service condition. CVE-2024-20358 is a command injection attack that allows a local, authenticated attacker with Administrator level privileges to run arbitrary commands as root on the underlying device operating system. CVE-2024-20359 is similar and is an arbitrary code execution attack that allows a local, authenticated attacker with Administrator level privileges to execute arbitrary code as root on the underlying device operating system.

Vulnerabilities included in this bundle

Author

Jean-Louis Huynen

Combined sightings

Author Vulnerability Source Type Date