{"document":{"acknowledgments":[{"names":["Ethan Shackelford","Ehab Hussein"],"organization":"IOActive","summary":"Thanks for discovering and reporting the vulnerabilities."},{"organization":"INCIBE","summary":"Thanks for CVE assignment and coordination."}],"aggregate_severity":{"text":"Important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en-US","notes":[{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. KUNBUS RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.","title":"Legal Disclaimer"}],"publisher":{"category":"vendor","contact_details":"product-security@kunbus.com","issuing_authority":"KUNBUS GmbH develops and produces the Revolution Pi Family, Revolution Pi OS and the extension modules for RevPi amongst others. 
KUNBUS PSIRT is responsible for vulnerability handling across all KUNBUS products and services.","name":"KUNBUS PSIRT","namespace":"https://www.kunbus.com"},"references":[{"category":"self","summary":"URL generated by system","url":"https://psirt.kunbus.com/.well-known/csaf/white/2024/kunbus-2024-0000001.json"},{"url":"https://www.kunbus.com/en/productsecurity/revolution-pi-security-issues-in-webstatus","summary":"HTML Version of the advisory"}],"title":"Security Issues in Webstatus","tracking":{"current_release_date":"2025-05-07T11:04:44.732792258Z","generator":{"date":"2025-05-07T10:55:30.074Z","engine":{"name":"csaf-cms-backend","version":"1.0.0"}},"id":"Kunbus-2024-0000001","initial_release_date":"2024-09-19T10:00:00.000Z","revision_history":[{"date":"2024-09-19T10:00:00.000Z","number":"1.0.0","summary":"Initial Publication"},{"date":"2025-05-07T10:52:28.962260219Z","number":"1.1.0","summary":"Added legal disclaimer, modified Publisher Information, and sorted document"},{"date":"2025-05-07T11:04:44.732792258Z","number":"1.2.0","summary":"Add HTML Version as reference and fixed the self-reference"}],"status":"final","version":"1.2.0"}},"product_tree":{"branches":[{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"Buster (08/2022)","product":{"name":"KUNBUS Revolution Pi Revolution Pi OS Buster (08/2022)","product_id":"CSAFPID-0001"}}],"category":"product_name","name":"Revolution Pi OS"},{"branches":[{"category":"product_version_range","name":"<=2.4.1","product":{"name":"KUNBUS Revolution Pi webstatus <=2.4.1","product_id":"CSAFPID-0002"}},{"category":"product_version","name":"2.4.2","product":{"name":"KUNBUS Revolution Pi webstatus 2.4.2","product_id":"CSAFPID-0003"}}],"category":"product_name","name":"webstatus"},{"branches":[{"category":"product_version","name":"2.1.1","product":{"name":"KUNBUS Revolution Pi pictory 2.1.1","product_id":"CSAFPID-0005"}},{"category":"product_version_range","name":"<= 2.1.0","product":{"name":"KUNBUS 
Revolution Pi pictory < 2.1.1","product_id":"CSAFPID-0006"}}],"category":"product_name","name":"pictory"}],"category":"product_family","name":"Revolution Pi"}],"category":"vendor","name":"KUNBUS"}]},"vulnerabilities":[{"cve":"CVE-2024-8684","cwe":{"id":"CWE-78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"},"notes":[{"category":"details","text":"The command execution of webstatus lacks proper input validation which leads to the ability to inject arbitrary commands for a user authenticated to the application. The commands are would be executed in the context of the low privileged www-data user.\nThe main PHP file governing the behavior of the Revolution Pi administrative web application is vulnerable to command injection, allowing for arbitrary code execution as the\nlow-privileged www-data user.","title":"Description"}],"product_status":{"fixed":["CSAFPID-0003"],"known_affected":["CSAFPID-0001","CSAFPID-0002"]},"scores":[{"cvss_v3":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","environmentalScore":6.7,"environmentalSeverity":"MEDIUM","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","temporalScore":6.7,"temporalSeverity":"MEDIUM","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H","version":"3.1"},"products":["CSAFPID-0001","CSAFPID-0002"]}],"title":"Authenticated Command Injection in Webstatus"},{"cve":"CVE-2024-8685","cwe":{"id":"CWE-22","name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"},"notes":[{"category":"details","text":"Pictory has a function to list directory contents. This is nessesary to provide the option to load configurations to the user. 
Due to insufficient input sanitization, it was possible to get directory listings of all directories the www-data user has access to, and not only the data storage directory of the application.