CVE-2024-28025

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `btn1` parameter, at offset `0x8eb0`.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1953

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mc-technologies:mc_lr_router_firmware:2.10.5:*:*:*:*:*:*:*

cpe:2.3:h:mc-technologies:mc_lr_router:-:*:*:*:*:*:*:*

History

03 Nov 2025, 22:16

Type	Values Removed	Values Added
References		() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1953 -

26 Aug 2025, 01:20

Type	Values Removed	Values Added
CPE		cpe:2.3:o:mc-technologies:mc_lr_router_firmware:2.10.5:::::::* cpe:2.3:h:mc-technologies:mc_lr_router:-:::::::*
First Time		Mc-technologies mc Lr Router Mc-technologies Mc-technologies mc Lr Router Firmware
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953 - Exploit, Third Party Advisory

Information

Published : 2024-11-21 15:15

Updated : 2025-11-03 22:16

NVD link : CVE-2024-28025

Mitre link : CVE-2024-28025

CVE.ORG link : CVE-2024-28025

JSON object : View

Products Affected

mc-technologies

mc_lr_router
mc_lr_router_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-28025", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-11-21T15:15:28.027", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1953", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `btn1` parameter, at offset `0x8eb0`."}, {"lang": "es", "value": "Existen tres vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad de configuraci\u00f3n de E/S de la interfaz web de MC Technologies MC LR Router 2.10.5. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para activar estas vulnerabilidades. Esta vulnerabilidad se refiere a la inyecci\u00f3n de comandos del sistema operativo autenticada que se produce a trav\u00e9s del par\u00e1metro `btn1` controlado por el atacante, en el desplazamiento `0x8eb0`."}], "lastModified": "2025-11-03T22:16:49.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mc-technologies:mc_lr_router_firmware:2.10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95D3D1A7-DA67-4319-B836-010FCBE4B63C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mc-technologies:mc_lr_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "330D7083-CDC2-4532-8F13-109C8272F5BF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}