Cyber Resilience

CVE-2024-7694

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 12 August 2024
Modified: 18 February 2026
KEV Added: 17 February 2026
CVSS Score (v3.1): 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0122 (79.4th percentile)
Risk Priority: 35 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-7694 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in TeamT5 ThreatSonar Anti-Ransomware. Its CVSS base score is 7.2 (High).

Operationally, it ranks in the top 20.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).

Deeper analysis

ThreatSonar Anti-Ransomware from TeamT5 contains an unrestricted file upload flaw (CWE-434) that fails to validate the content of files uploaded to the platform. The affected component is the web interface used for administrative file management on the product server.

Remote attackers who already possess administrator credentials on the ThreatSonar instance can upload crafted files that result in arbitrary system command execution on the underlying server. The vulnerability carries a CVSS 3.1 score of 7.2 and requires no user interaction beyond the initial privileged access.

Taiwanese CERT advisories and the associated vendor guidance recommend applying the patches released by TeamT5 and restricting administrative access to trusted networks. The flaw is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. The EPSS score rose from a low baseline to a recorded peak of 0.0228, indicating increased exploitation interest after public disclosure.

Vulnerability details

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server.

CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
KEV Date Added: 17 February 2026

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: teamt5
Product: threatsonar anti-ransomware
Affected versions: ≤ 3.5.0

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires validation of uploaded file content to block malicious payloads that lead to command execution.

Prevent: Mandates malicious-code scanning and blocking of uploaded files before they can be used for arbitrary command execution.

Prevent, detect: Requires integrity verification of uploaded files and software to detect or stop tampering that enables command execution.
