CVE-2024-44414: n/a
CVE-2024-44414 is a critical command injection vulnerability found in the FBM_292W-21. 03. 10V software, specifically within the sub_4901E0 function of the msp_info. htm file. The vulnerability arises from improper handling of the 'path' parameter, allowing an attacker with low privileges to execute arbitrary commands remotely without user interaction. This flaw can lead to full compromise of the affected system, impacting confidentiality, integrity, and availability. Although no public exploits are currently known, the high CVSS score of 8. 8 indicates significant risk. Organizations using this software should prioritize patching or mitigating this vulnerability to prevent potential exploitation. The threat primarily affects network-exposed devices running the vulnerable version, with a focus on regions where this product is deployed.
AI Analysis
Technical Summary
CVE-2024-44414 is a critical security vulnerability identified in the FBM_292W-21.03.10V firmware/software version. The vulnerability exists in the sub_4901E0 function within the msp_info.htm file, where improper sanitization of the 'path' parameter allows for command injection attacks. This means an attacker can manipulate the 'path' parameter to inject and execute arbitrary system commands on the affected device remotely. The vulnerability is remotely exploitable over the network (AV:N), requires low attack complexity (AC:L), and only low privileges (PR:L) without any user interaction (UI:N). The scope is unchanged (S:U), but the impact is severe, affecting confidentiality, integrity, and availability (C:H/I:H/A:H). The underlying weakness corresponds to CWE-94: Improper Control of Generation of Code ('Code Injection'). No patches or fixes have been linked yet, and no known exploits are reported in the wild as of the publication date. Given the nature of the vulnerability, successful exploitation could lead to full system compromise, allowing attackers to execute arbitrary commands, potentially leading to data theft, service disruption, or lateral movement within a network.
Potential Impact
The impact of CVE-2024-44414 is significant for organizations using the affected FBM_292W-21.03.10V software. Exploitation can result in complete system compromise, including unauthorized access to sensitive data, disruption of services, and potential use of the compromised device as a foothold for further attacks within an enterprise network. The vulnerability affects confidentiality, integrity, and availability, making it a critical risk. Organizations relying on this software for network infrastructure or critical operations face potential operational downtime, reputational damage, and regulatory consequences if exploited. The lack of known exploits currently provides a window for proactive mitigation, but the ease of exploitation and high impact necessitate urgent attention.
Mitigation Recommendations
1. Immediately restrict network access to the vulnerable msp_info.htm interface by implementing firewall rules or network segmentation to limit exposure. 2. Employ strict input validation and sanitization on the 'path' parameter if custom modifications or patches are possible. 3. Monitor logs and network traffic for unusual command execution patterns or unexpected parameter values targeting the vulnerable function. 4. Engage with the vendor or software maintainers to obtain patches or updates addressing this vulnerability as soon as they become available. 5. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block command injection attempts targeting this specific parameter. 6. Conduct thorough security assessments and penetration testing on systems running the affected software to identify potential exploitation. 7. Educate system administrators and security teams about this vulnerability to ensure rapid detection and response.
Affected Countries
United States, China, Germany, Japan, South Korea, India, United Kingdom, France, Canada, Australia
CVE-2024-44414: n/a
Description
CVE-2024-44414 is a critical command injection vulnerability found in the FBM_292W-21. 03. 10V software, specifically within the sub_4901E0 function of the msp_info. htm file. The vulnerability arises from improper handling of the 'path' parameter, allowing an attacker with low privileges to execute arbitrary commands remotely without user interaction. This flaw can lead to full compromise of the affected system, impacting confidentiality, integrity, and availability. Although no public exploits are currently known, the high CVSS score of 8. 8 indicates significant risk. Organizations using this software should prioritize patching or mitigating this vulnerability to prevent potential exploitation. The threat primarily affects network-exposed devices running the vulnerable version, with a focus on regions where this product is deployed.
AI-Powered Analysis
Technical Analysis
CVE-2024-44414 is a critical security vulnerability identified in the FBM_292W-21.03.10V firmware/software version. The vulnerability exists in the sub_4901E0 function within the msp_info.htm file, where improper sanitization of the 'path' parameter allows for command injection attacks. This means an attacker can manipulate the 'path' parameter to inject and execute arbitrary system commands on the affected device remotely. The vulnerability is remotely exploitable over the network (AV:N), requires low attack complexity (AC:L), and only low privileges (PR:L) without any user interaction (UI:N). The scope is unchanged (S:U), but the impact is severe, affecting confidentiality, integrity, and availability (C:H/I:H/A:H). The underlying weakness corresponds to CWE-94: Improper Control of Generation of Code ('Code Injection'). No patches or fixes have been linked yet, and no known exploits are reported in the wild as of the publication date. Given the nature of the vulnerability, successful exploitation could lead to full system compromise, allowing attackers to execute arbitrary commands, potentially leading to data theft, service disruption, or lateral movement within a network.
Potential Impact
The impact of CVE-2024-44414 is significant for organizations using the affected FBM_292W-21.03.10V software. Exploitation can result in complete system compromise, including unauthorized access to sensitive data, disruption of services, and potential use of the compromised device as a foothold for further attacks within an enterprise network. The vulnerability affects confidentiality, integrity, and availability, making it a critical risk. Organizations relying on this software for network infrastructure or critical operations face potential operational downtime, reputational damage, and regulatory consequences if exploited. The lack of known exploits currently provides a window for proactive mitigation, but the ease of exploitation and high impact necessitate urgent attention.
Mitigation Recommendations
1. Immediately restrict network access to the vulnerable msp_info.htm interface by implementing firewall rules or network segmentation to limit exposure. 2. Employ strict input validation and sanitization on the 'path' parameter if custom modifications or patches are possible. 3. Monitor logs and network traffic for unusual command execution patterns or unexpected parameter values targeting the vulnerable function. 4. Engage with the vendor or software maintainers to obtain patches or updates addressing this vulnerability as soon as they become available. 5. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block command injection attempts targeting this specific parameter. 6. Conduct thorough security assessments and penetration testing on systems running the affected software to identify potential exploitation. 7. Educate system administrators and security teams about this vulnerability to ensure rapid detection and response.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-08-21T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6cdeb7ef31ef0b569ac6
Added to database: 2/25/2026, 9:42:54 PM
Last enriched: 2/26/2026, 7:52:56 AM
Last updated: 2/26/2026, 8:04:33 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup
HighCVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator
MediumCVE-2026-2499: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tgrk Custom Logo
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.