What is CVE-2022-24796?

CVE-2022-24796 is a critical-severity vulnerability in Jens-maus Raspberrymatic, classified under OS Command Injection. CVSS score: 10.0/10. Published 2022-03-31.

How severe is CVE-2022-24796?

Critical severity. CVSS v3 base score is 10.0 out of 10.

RCE in Jens-maus Raspberrymatic

CVE-2022-24796

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the We…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.064 (91.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Jens-maus Raspberrymatic — versions >= 2.31.25.20180428, < 3.63.8.20220330

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-g7vv-7rmf-mff7 (x_refsource_CONFIRM)
github.com/jens-maus/RaspberryMatic/commit/34854659a63e9fb3ad529bb413e96978c645… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-24796?: CVE-2022-24796 is a critical-severity vulnerability in Jens-maus Raspberrymatic, classified under OS Command Injection. CVSS score: 10.0/10. Published 2022-03-31.
How severe is CVE-2022-24796?: Critical severity. CVSS v3 base score is 10.0 out of 10.