Skip to main content

CVE-2024-22894

Description

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.

NVD
Severity: MEDIUM
CVE ID: CVE-2024-22894
CVSS Score: 6.8
CVSS Metrics: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

Jaarden

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8