Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-37770

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-10 Jul, 2024 | 00:00
Updated At-02 Aug, 2024 | 03:57
Rejected At-
Credits

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:10 Jul, 2024 | 00:00
Updated At:02 Aug, 2024 | 03:57
Rejected At:
▼CVE Numbering Authority (CNA)

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/b1ackc4t/14Finger/issues/13
N/A
https://github.com/k3ppf0r/CVE-2024-37770
N/A
Hyperlink: https://github.com/b1ackc4t/14Finger/issues/13
Resource: N/A
Hyperlink: https://github.com/k3ppf0r/CVE-2024-37770
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
b1ackc4t
Product
14finger
CPEs
  • cpe:2.3:a:b1ackc4t:14finger:1.1:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.1
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94 Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: CWE-94 Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/b1ackc4t/14Finger/issues/13
x_transferred
https://github.com/k3ppf0r/CVE-2024-37770
x_transferred
Hyperlink: https://github.com/b1ackc4t/14Finger/issues/13
Resource:
x_transferred
Hyperlink: https://github.com/k3ppf0r/CVE-2024-37770
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Jul, 2024 | 18:15
Updated At:01 Jul, 2025 | 14:17

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
b1ackc4t
b1ackc4t
>>14finger>>1.1
cpe:2.3:a:b1ackc4t:14finger:1.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-94
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/b1ackc4t/14Finger/issues/13cve@mitre.org
Exploit
Issue Tracking
Vendor Advisory
https://github.com/k3ppf0r/CVE-2024-37770cve@mitre.org
Exploit
Third Party Advisory
https://github.com/b1ackc4t/14Finger/issues/13af854a3a-2127-422b-91ae-364da2661108
Exploit
Issue Tracking
Vendor Advisory
https://github.com/k3ppf0r/CVE-2024-37770af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://github.com/b1ackc4t/14Finger/issues/13
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://github.com/k3ppf0r/CVE-2024-37770
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/b1ackc4t/14Finger/issues/13
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://github.com/k3ppf0r/CVE-2024-37770
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

9Records found
CVE-2025-54594
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 18.50%
||
7 Day CHG~0.00%
Published-05 Aug, 2025 | 23:31
Updated-06 Aug, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration

react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pull_request_target event trigger, which allowed for untrusted code from a forked pull request to be executed in a privileged context. An attacker could create a pull request containing a malicious preinstall script in the package.json file and then trigger the vulnerable workflow by posting a specific comment (!canary). This allowed for arbitrary code execution, leading to the exfiltration of sensitive secrets such as GITHUB_TOKEN and NPM_TOKEN, and could have allowed an attacker to push malicious code to the repository or publish compromised packages to the NPM registry. There is a remediation commit which removes github/workflows/release-canary.yml, but a version with this fix has yet to be released.

Action-Not Available
Vendor-callstackincubator
Product-react-native-bottom-tabs
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-50808
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.54% / 66.57%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 00:00
Updated-17 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.

Action-Not Available
Vendor-n/aZimbraSynacor, Inc.
Product-collaborationn/azimbra_collaboration_suite
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-36645
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.24% / 47.22%
||
7 Day CHG+0.06%
Published-04 Apr, 2024 | 00:00
Updated-24 Apr, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function.

Action-Not Available
Vendor-itb-pimn/aitb_gmbh
Product-tradepron/atradepro
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-1532
Matching Score-4
Assigner-Honor Device Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Honor Device Co., Ltd.
CVSS Score-8.1||HIGH
EPSS-0.06% / 19.05%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 09:31
Updated-11 Jul, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code Injection Vulnerability in Phoneservice

Phoneservice module is affected by code injection vulnerability, successful exploitation of this vulnerability may affect service confidentiality and integrity.

Action-Not Available
Vendor-Honor Device Co., Ltd.
Product-phoneservicecom.hihonor.phoneservice
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-46962
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 30.37%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 00:00
Updated-12 Nov, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.

Action-Not Available
Vendor-n/aGoogle LLC
Product-n/aandroid
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-12013
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-0.91% / 74.79%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 21:14
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.

Action-Not Available
Vendor-iconicsICONICSMitsubishi Electric Corporation
Product-energy_analytixmc_works64facility_analytixquality_analytixgenesis32hyper_historiansmart_energy_analytixmobilehmigenesis64mc_works32bizvizMC Works32GenBroker32GenBroker64, Platform Services, Workbench, FrameWorX ServerMC Works64
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-34405
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.23% / 45.91%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app.

Action-Not Available
Vendor-n/aMcAfee, LLC
Product-n/aantivirus_vpn_for_android
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-33294
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.70% / 71.12%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component.

Action-Not Available
Vendor-n/aSourceCodester
Product-n/ahome_cleaning_service_system
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-38448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.13% / 33.13%
||
7 Day CHG~0.00%
Published-16 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used.

Action-Not Available
Vendor-n/aGNU
Product-n/aglobal
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
Details not found