{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-9166", "ASSIGNER": "ics-cert@hq.dhs.gov", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "cweId": "CWE-78" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Atelmo", "product": { "product_data": [ { "product_name": "Atemio AM 520 HD Full HD Satellite Receiver", "version": { "version_data": [ { "version_affected": "<=", "version_name": "0", "version_value": "TitanNit 2.01" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-03", "refsource": "MISC", "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-03" } ] }, "generator": { "engine": "Vulnogram 0.2.0" }, "source": { "discovery": "UNKNOWN" }, "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

Atelmo has stated that this product has been discontinued. There are no service or support addresses that can be contacted.

For more information, contact Atelmo.

\n\n
" } ], "value": "Atelmo has stated that this product has been discontinued. There are no service or support addresses that can be contacted.\n\nFor more information, contact Atelmo https://www.atelmo.com/epages/Atelmo.sf/de_DE/ ." } ], "credits": [ { "lang": "en", "value": "CISA discovered a public Proof of Concept (PoC) as authored by Gjoko Krstic and reported it to Atelmo." } ] }