Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-28806

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Jul, 2024 | 00:00
Updated At-05 Aug, 2024 | 10:22
Rejected At-
Credits

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Jul, 2024 | 00:00
Updated At:05 Aug, 2024 | 10:22
Rejected At:
â–¼CVE Numbering Authority (CNA)

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.gruppotim.it/it/footer/red-team.html
N/A
Hyperlink: https://www.gruppotim.it/it/footer/red-team.html
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.gruppotim.it/it/footer/red-team.html
x_transferred
Hyperlink: https://www.gruppotim.it/it/footer/red-team.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
italtel
Product
i-mcs_nfv
CPEs
  • cpe:2.3:a:italtel:i-mcs_nfv:12.1.0-20211215:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 12.1.0-20211215
Problem Types
TypeCWE IDDescription
CWECWE-36CWE-36 Absolute Path Traversal
Type: CWE
CWE ID: CWE-36
Description: CWE-36 Absolute Path Traversal
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Jul, 2024 | 19:15
Updated At:14 Oct, 2025 | 18:04

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
italtel
italtel
>>i-mcs_nfv>>12.1.0-20211215
cpe:2.3:a:italtel:i-mcs_nfv:12.1.0-20211215:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-36Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-36
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.gruppotim.it/it/footer/red-team.htmlcve@mitre.org
Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://www.gruppotim.it/it/footer/red-team.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.gruppotim.it/it/footer/red-team.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2021-1296
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.02%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:56
Updated-08 Nov, 2024 | 23:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260w_wireless-ac_vpn_routerrv160_vpn_routerrv160w_wireless-ac_vpn_routerrv160_vpn_router_firmwarerv260p_vpn_router_with_poerv260w_wireless-ac_vpn_router_firmwarerv160w_wireless-ac_vpn_router_firmwarerv260_vpn_routerrv260_vpn_router_firmwarerv260p_vpn_router_with_poe_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-36
Absolute Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-1297
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.45% / 63.02%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:56
Updated-08 Nov, 2024 | 23:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260w_wireless-ac_vpn_routerrv160_vpn_routerrv160w_wireless-ac_vpn_routerrv160_vpn_router_firmwarerv260p_vpn_router_with_poerv260w_wireless-ac_vpn_router_firmwarerv160w_wireless-ac_vpn_router_firmwarerv260_vpn_routerrv260_vpn_router_firmwarerv260p_vpn_router_with_poe_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-36
Absolute Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-27117
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.19%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 21:46
Updated-26 Feb, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
bit7z has a path traversal vulnerability

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability ("Zip Slip") exists in bit7z's archive extraction functionality. The library does not adequately validate file paths contained in archive entries, allowing files to be written outside the intended extraction directory through three distinct mechanisms: relative path traversal, absolute path traversal, and symbolic link traversal. An attacker can exploit this by providing a malicious archive to any application that uses bit7z to extract untrusted archives. Successful exploitation results in arbitrary file write with the privileges of the process performing the extraction. This could lead to overwriting of application binaries, configuration files, or other sensitive data. The vulnerability does not directly enable reading of file contents; the confidentiality impact is limited to the calling application's own behavior after extraction. However, applications that subsequently serve or display extracted files may face secondary confidentiality risks from attacker-created symlinks. Fixes have been released in version 4.0.11. If upgrading is not immediately possible, users can mitigate the vulnerability by validating each entry's destination path before writing. Other mitigations include running extraction with least privilege and extracting untrusted archives in a sandboxed directory.

Action-Not Available
Vendor-rikyozrikyoz
Product-bit7zbit7z
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-36
Absolute Path Traversal
Details not found