Unpatched Vulnerabilities Found in MC LR Router and GoCast
/ 1 min read
🕵️♂️ Cisco Talos uncovers critical vulnerabilities in MC LR Router and GoCast services. The Cisco Talos Vulnerability Research team has identified multiple unpatched vulnerabilities in MC Technologies’ LR Router and the GoCast service, including OS command injection flaws. Specifically, the MC-LR Router has three vulnerabilities (CVE-2024-28025 to CVE-2024-28027) related to its web interface and one vulnerability (CVE-2024-21786) concerning uploaded configuration files, all of which can be exploited via authenticated HTTP requests. Additionally, the GoCast service has vulnerabilities that allow for unauthenticated access to its HTTP API, leading to potential OS command injection and arbitrary command execution. Users are advised to monitor Talos Intelligence for updates and utilize Snort for detection.
