CVE-2024-30167
Authenticated Command Injection in Atlona AT-OME-MS42 Matrix Switcher
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| atlona | at-ome-ms42_matrix_switcher | 1.1.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the /cgi-bin/time.cgi endpoint of the Atlona AT-OME-MS42 Matrix Switcher version 1.1.2. It allows remote authenticated users to execute arbitrary commands with root privileges by sending a POST request containing a serverName parameter.
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows an authenticated remote user to execute any command as the root user on the affected device. This could lead to full system compromise, unauthorized access to sensitive data, disruption of services, or further exploitation within the network.
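A server-side check that closes this class of bug (CWE-77) for a parameter like serverName, as an added example that is not Atlona's code and not taken from the advisory. It assumes the handler hands the value to a time-sync program; the binary path and function names are hypothetical, and the sample inputs are constructed.

```python
import ipaddress
import re

# Hypothetical time-sync binary; the advisory does not name the real one.
SYNC_TOOL = "/usr/sbin/ntp-sync"

# Only characters that can occur in a hostname or an IP literal.
# fullmatch() also rejects a trailing newline, which "$" would let through.
_ALLOWED_CHARS = re.compile(r"[A-Za-z0-9.:-]+")
# One DNS label: 1-63 chars, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_server_name(value):
    """Return True only for an IP literal or an RFC 1123 style hostname."""
    if not isinstance(value, str) or not 1 <= len(value) <= 253:
        return False
    # The allowlist runs first: ipaddress accepts IPv6 scope ids
    # ("fe80::1%<anything>"), so it must not be the only gate.
    if not _ALLOWED_CHARS.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    # Hostname: every dot-separated label must be well formed. Rejecting a
    # leading hyphen also stops the value being parsed as a command option.
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def build_sync_argv(server_name):
    """Build an argument vector; run it with shell=False, never via a shell string."""
    if not is_valid_server_name(server_name):
        raise ValueError("serverName rejected")
    return [SYNC_TOOL, server_name]


# Constructed sample values, not captured traffic.
SAMPLES = ["pool.ntp.org", "192.0.2.10", "2001:db8::1",
           "time.example.com; id", "$(id)", "-h", "fe80::1%;id",
           "pool.ntp.org\n"]


def classify(samples):
    """Map each sample to 'accept' or 'reject'."""
    return {s: "accept" if is_valid_server_name(s) else "reject" for s in samples}


if __name__ == "__main__":
    for value, verdict in classify(SAMPLES).items():
        print(f"{verdict:6} {value!r}")
```

Validation and shell-free execution are complementary: the argument vector keeps metacharacters from being interpreted by a shell, and the allowlist keeps option-like or malformed values from reaching the program at all.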