CVE-2020-24849

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-24849

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24849.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-24849

Published

2020-11-05T15:15:33.110Z

Modified

2025-11-14T10:57:29.463066Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the pageconfigadv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.

References

Affected packages

Git / github.com/xtr4nge/fruitywifi

Affected ranges

Type: GIT
Repo: https://github.com/xtr4nge/fruitywifi
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

17b97dd0143782d5bf2da2fcac74220994e5c0cb

Affected versions

v2.*

v2.0

v2.1

v2.1.1

v2.1.2

v2.1.3

v2.2

v2.3

v2.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24849.json"