Cyber Posture

CVE-2024-58314

High · Public PoC · RCE

Published: 12 December 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0020 (41.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-58314 is a high-severity OS Command Injection (CWE-78) vulnerability in Atcom (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 41.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly requires validation and sanitization of inputs like the 'cmd' parameter in web_cgi_main.cgi to prevent command injection (CWE-78).

prevent

Ensures timely identification, testing, and installation of firmware patches to remediate the command injection vulnerability.

prevent

Enforces least privilege on the web CGI process to limit the scope and impact of arbitrary command execution even with administrative credentials.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

The CVE enables exploitation of a public-facing web application (T1190) via authenticated command injection in a CGI script, directly facilitating arbitrary Unix shell command execution (T1059.004) for remote code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remote code execution with administrative credentials.

Deeper analysis [AI]

CVE-2024-58314 is an authenticated command injection vulnerability in Atcom 100M IP Phones firmware version 2.7.x.x. The issue affects the web configuration CGI script, web_cgi_main.cgi, which fails to properly sanitize the 'cmd' parameter, allowing injection of arbitrary shell commands and enabling remote code execution with administrative credentials. Published on 2025-12-12, it is rated 8.8 on CVSS v3.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-78 (Improper Neutralization of Special Elements used in an OS Command).

Attackers require administrative credentials and network access to the device to exploit this vulnerability. Exploitation has low attack complexity and needs no user interaction. It allows execution of arbitrary system commands, resulting in remote code execution with high impact on confidentiality, integrity, and availability.

Advisories from VulnCheck detail the authenticated command injection via the web configuration CGI, while Exploit-DB hosts a proof-of-concept exploit (ID 51742). The Atcom vendor page provides product information relevant to the affected Fast IP Phone series. No specific patch details are outlined in the provided references.

Details

CWE(s)

Affected Products

Atcom
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-1961 (Shared CWE-78)
CVE-2025-54418 (Shared CWE-78)
CVE-2025-20349 (Shared CWE-78)
CVE-2026-4802 (Shared CWE-78)
CVE-2026-25857 (Shared CWE-78)
CVE-2025-27364 (Shared CWE-78)
CVE-2025-7382 (Shared CWE-78)
CVE-2026-42364 (Shared CWE-78)
CVE-2021-47794 (Shared CWE-78)
CVE-2026-34791 (Shared CWE-78)

References