cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37569,https://securityvulnerability.io/vulnerability/CVE-2024-37569,Command Injection Vulnerability in Mitel 6869i Devices,"A security flaw has been identified in Mitel 6869i devices running versions up to 4.5.0.41 and 5.x up to 5.0.0.1018. This vulnerability allows an authenticated user to exploit a command injection through improperly sanitized input in the hostname parameter of the provis.html endpoint. Since the input is executed as part of shell commands during system boot, attackers can execute arbitrary commands in the system's root context by injecting shell metacharacters into the hostname. This serious oversight in input validation could lead to remote code execution, granting unauthorized control over the device.",Mitel,6869i Sip Firmware,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-06-09T20:15:00.000Z,0
CVE-2024-37570,https://securityvulnerability.io/vulnerability/CVE-2024-37570,Command Execution Vulnerability in Mitel 6869i 4.5.0.41 Devices via Manual Firmware Update Page,"Mitel 6869i devices running version 4.5.0.41 are affected by a security vulnerability stemming from a lack of input sanitization on the Manual Firmware Update page. An authenticated user can exploit this flaw by manipulating the username and path parameters sent to the system. This unsanitized input is passed directly to the busybox ftpget command, enabling the potential for arbitrary command execution within the device's environment.",Mitel,6869i Sip Firmware,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-09T20:15:00.000Z,0