Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-50960

A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system.

Published

2025-04-15T18:15:45.263

Last Modified

2025-04-25T18:35:24.457

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	extron	smp_111_firmware	≤ 3.01	Yes
Hardware	extron	smp_111	-	No
Operating System	extron	smp_351_firmware	≤ 2.16	Yes
Hardware	extron	smp_351	-	No
Operating System	extron	smp_352_firmware	≤ 2.16	Yes
Hardware	extron	smp_352	-	No
Operating System	extron	sme_211_firmware	≤ 3.02	Yes
Hardware	extron	sme_211	-	No

References

https://github.com/layer8secure/extron-smp-inject/ Exploit, Third Party Advisory ([email protected])
https://ryanmroth.com/articles/exploiting-extron-smp-command-injection Exploit, Third Party Advisory ([email protected])
https://www.extron.com/article/smp Product ([email protected])