CVE-2024-30220

2024-04-1511:15:08

[email protected]

web.nvd.nist.gov

command injection

mzk-mf300n

network-adjacent

unauthenticated attacker

arbitrary command

specially crafted request

port

cve-2024-30220

nvd

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Command injection vulnerability in MZK-MF300N all firmware versions allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port.

CNA Affected

[
  {
    "vendor": "PLANEX COMMUNICATIONS INC.",
    "product": "MZK-MF300N",
    "versions": [
      {
        "version": "all firmware versions",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU91975826/