How severe is CVE-2024-6145?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-6145?

This is classified as CWE-134, which is a common weakness in software security.

CVE-2024-6145 - HIGH Severity | CVSS 8.8

Vulnerability Description

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. A crafted Cookie header in an HTTP request can trigger the use of a format specifier from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21417.

Related Vulnerabilities

CVE-2014-8170

HIGH

CVSS:8.8(High)

ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, w...

CWE-1342014

CVE-2016-10773

HIGH

CVSS:8.8(High)

cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).

CWE-1342016

CVE-2016-5716

HIGH

CVSS:8.8(High)

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.

CWE-1342016

CVE-2017-12702

HIGH

CVSS:8.8(High)

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, wh...

CWE-1342017

CVE-2017-2403

HIGH

CVSS:8.8(High)

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbit...

CWE-1342017

CVE-2019-7228

HIGH

CVSS:8.8(High)

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sendi...

CWE-1342019