CVE-2024-47901
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-47901
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens InterMesh 7177和Siemens InterMesh 7707 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens InterMesh 7177和Siemens InterMesh 7707都是美国西门子(Siemens)公司的一款远程 IP 链路接收器。 Siemens InterMesh 7177和Siemens InterMesh 7707存在操作系统命令注入漏洞,该漏洞源于Web服务器输入参数清理不当,从而允许在操作系统级别执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Siemens | InterMesh 7177 Hybrid 2.0 Subscriber | 0 ~ V8.2.12 | - | |
| Siemens | InterMesh 7707 Fire Subscriber | 0 ~ V7.2.12 | - |
II. Public POCs for CVE-2024-47901
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-47901
请登录查看更多情报信息。
Same Patch Batch · Siemens · 2024-10-23 · 4 CVEs total
| CVE-2024-47904 | 7.8 HIGH | Siemens InterMesh 7177和Siemens InterMesh 7707 安全漏洞 |
| CVE-2024-47902 | 7.2 HIGH | Siemens InterMesh 7177和Siemens InterMesh 7707 访问控制错误漏洞 |
| CVE-2024-47903 | 5.8 MEDIUM | Siemens InterMesh 7177和Siemens InterMesh 7707 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-78
- CVE-2026-8273
D-Link DNS-320 system_mgr.cgi cgi_merge_user os command inje - CVE-2026-8272
D-Link DNS-320 webfile_mgr.cgi chown os command injection - CVE-2026-8271
D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command inje - CVE-2026-8265
Tenda AC6 httpd getLogFile get_log_file os command injection - CVE-2026-8264
Tenda AC6 httpd WifiApScan formWifiApScan os command injecti
V. Comments for CVE-2024-47901
No comments yet