Multiple vulnerabilities in KUNBUS GmbH's Revolution Pi
Posted date 10/02/2025
Identificador
INCIBE-2025-0067
Importance
4 - High
Affected Resources
- Revolution Pi, 2022-07-28-revpi-buster version.
Description
INCIBE has coordinated the publication of 2 vulnerabilities: one of high severity and one of medium severity, affecting Revolution Pi from KUNBUS GmbH, a specialised IIoT Gateway for use in industrial automation applications, which have been discovered by Ethan Shackelford (CVE-2024-8684) and Ehab Hussein (CVE-2024-8685).
These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector and CWE vulnerability type for each vulnerability.
- CVE-2024-8684: CVSS v3.1: 8.3 | CVSS AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H | CWE-78
- CVE-2024-8685: CVSS v3.1: 4.3 | CVSS AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | CWE-22
Solution
The command injection vulnerability has been fixed by the KUNBUS team in the Revolution Pi webstatus 2.4.2 release.
Path Traversal vulnerability has been fixed by the KUNBUS team in Revolution Pi pictory 2.1.1.
Detail
- CVE-2024-8684: OS Command Injection vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to execute OS commands on the device via the ‘php/dal.php’ endpoint, in the ‘arrSaveConfig’ parameter.
- CVE-2024-8685: Path-Traversal vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to list device directories via the ‘/pictory/php/getFileList.php’ endpoint in the ‘dir’ parameter.
References list