CVE-2024-28026

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `out1` parameter, at offset `0x8efc`. int out_ret = sscanf(current_param->key, "out%u", &io_idx); if (out_ret == 1 && io_idx == 1) { // [4] Similar to `3`, but `out1` instead of `btn1` if (asprintf(&command, "/usr/sbin/vout %s %u vo_manual", current_param->value, 1) > 0) { system(command); return -1; } }

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1953

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mc-technologies:mc_lr_router_firmware:2.10.5:*:*:*:*:*:*:*

cpe:2.3:h:mc-technologies:mc_lr_router:-:*:*:*:*:*:*:*

History

03 Nov 2025, 22:16

Type	Values Removed	Values Added
References		() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1953 -

26 Aug 2025, 01:21

Type	Values Removed	Values Added
First Time		Mc-technologies mc Lr Router Mc-technologies Mc-technologies mc Lr Router Firmware
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953 - Exploit, Third Party Advisory
CPE		cpe:2.3:o:mc-technologies:mc_lr_router_firmware:2.10.5:::::::* cpe:2.3:h:mc-technologies:mc_lr_router:-:::::::*

Information

Published : 2024-11-21 15:15

Updated : 2025-11-03 22:16

NVD link : CVE-2024-28026

Mitre link : CVE-2024-28026

CVE.ORG link : CVE-2024-28026

JSON object : View

Products Affected

mc-technologies

mc_lr_router
mc_lr_router_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2024-28026", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-11-21T15:15:28.323", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1953", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1953", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `out1` parameter, at offset `0x8efc`.\r\n\r\n \r\n int out_ret = sscanf(current_param->key, \"out%u\", &io_idx);\r\n if (out_ret == 1 && io_idx == 1)\r\n {\r\n // [4] Similar to `3`, but `out1` instead of `btn1`\r\n if (asprintf(&command, \"/usr/sbin/vout %s %u vo_manual\", current_param->value, 1) > 0)\r\n {\r\n system(command);\r\n return -1;\r\n }\r\n }"}, {"lang": "es", "value": "Existen tres vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad de configuraci\u00f3n de E/S de la interfaz web del enrutador MC LR 2.10.5 de MC Technologies. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para activar estas vulnerabilidades. Esta vulnerabilidad se refiere a la inyecci\u00f3n de comandos del sistema operativo autenticada que se produce a trav\u00e9s del par\u00e1metro `out1` controlado por el atacante, en el desplazamiento `0x8efc`. int out_ret = sscanf(current_param->key, \"out%u\", &io_idx); if (out_ret == 1 && io_idx == 1) { // [4] Similar a `3`, pero `out1` en lugar de `btn1` if (asprintf(&command, \"/usr/sbin/vout %s %u vo_manual\", current_param->value, 1) > 0) { system(command); return -1; } }"}], "lastModified": "2025-11-03T22:16:49.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mc-technologies:mc_lr_router_firmware:2.10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95D3D1A7-DA67-4319-B836-010FCBE4B63C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mc-technologies:mc_lr_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "330D7083-CDC2-4532-8F13-109C8272F5BF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}