Description
If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as "www-data".
References (3)
Core References
Various Sources (third-party-advisory): https://r.sec-consult.com/imageaccess
Various Sources (patch): https://www.imageaccess.de/?page=SupportPortal&lang=en
Mailing List: http://seclists.org/fulldisclosure/2024/Dec/2
Scores
CVSS v3: 7.2
EPSS: 0.0217
EPSS Percentile: 84.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-434
Status: published
Products (1)
Image Access GmbH / Scan2Net: versions < 7.42
Published: Dec 10, 2024
Tracked Since: Feb 18, 2026