CVE-2024-9166

OS Command Injection in Atelmo Atemio AM 520 HD Full HD Satellite Receiver

Description

The device allows an unauthorized attacker to execute system commands with elevated privileges. The flaw is reachable through the 'getcommand' query in the application and gives the attacker root access.

Remediation

Solution:

  • Atelmo has stated that this product has been discontinued. There are no service or support addresses that can be contacted. For more information, contact Atelmo: https://www.atelmo.com/epages/Atelmo.sf/de_DE/

Category

CVSS 4.0 score: 9.3
Severity: Critical
EPSS: 0.28%
Affected: Atelmo Atemio AM 520 HD Full HD Satellite Receiver

Frequently Asked Questions

What is the severity of CVE-2024-9166?
CVE-2024-9166 has been scored as a critical severity vulnerability.
How to fix CVE-2024-9166?
To fix CVE-2024-9166: Atelmo has stated that this product has been discontinued. There are no service or support addresses that can be contacted. For more information, contact Atelmo: https://www.atelmo.com/epages/Atelmo.sf/de_DE/
Is CVE-2024-9166 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2024-9166 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-9166?
CVE-2024-9166 affects Atelmo Atemio AM 520 HD Full HD Satellite Receiver.