CVE-2024-8997

CRITICAL

Vestel EVC04 Configuration Interface < 18.03.2025 - SQL Injection

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vestel EVC04 Configuration Interface allows SQL Injection. This issue affects EVC04 Configuration Interface: before V3.187, V4.53.

References (2)

Core References
Third Party Advisory government-resource broken-link
https://www.usom.gov.tr/bildirim/tr-25-0070

Scores

CVSS v3 9.8
EPSS 0.0040
EPSS Percentile 32.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (2)
Vestel/EVC04 Configuration Interface < V3.187, V4.53
vestel/evc04_configuration_interface < 18.03.2025
Published Mar 18, 2025
Tracked Since Feb 18, 2026