VDE-2024-032 | CERT@VDE

2024-07-03 11:00 (CEST) VDE-2024-032

Helmholz: REX 100 vulnerable to OS command injection

Share: Email | Twitter

ID

VDE-2024-032

Published

2024-07-03 11:00 (CEST)

Last update

2024-07-03 15:33 (CEST)

Vendor(s)

Helmholz GmbH & Co. KG

Product(s)

Article No°	Product Name	Affected Version(s)
	REX 100	<= 2.2.11

Summary

There exists a vulnerability in all REX 100 devices with firmware <= 2.2.11 that allows an authenticated attacker to execute arbitrary system commands via GET requests.

Update: 03.07.2024 3:30pm

In section Reported by Sebastian Dietz (CyberDanube) was added.

CVE ID

CVE-2024-5672

Last Update:

Aug. 30, 2024, 9:24 a.m.

Severity

7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Weakness

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Summary

A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.

Details

cert.vde.com

Impact

See CVE description.

Solution

Mitigation

As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.

Remediation

Update to latest version: 2.2.13

Reported by

CERT@VDE coordinated with Helmholz

Reported by Sebastian Dietz (CyberDanube)