Primary

Context

Marvell QConvergeConsole Unrestricted File Upload Leading to Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Marvell QConvergeConsole. This issue arises from the 'getFileFromURL' method, which lacks proper validation of user-supplied data, allowing for the upload of arbitrary files. Exploitation of this vulnerability enables remote attackers to execute code with SYSTEM privileges. Notably, authentication is not required to exploit this vulnerability.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system, with the executed code running in the context of the SYSTEM user.

Remediation

Marvell QConvergeConsole is no longer supported or recommended by the vendor. The product has reached End of Life and End of Support status after version 5.5.0.85 was released in January 2022.

Added: Jul 7, 2025, 3:32 PM

Updated: Jul 7, 2025, 3:32 PM

Vulnerability Rating

Custom Algorithm

spread

1.2

impact

10.0

exploitability

4.7

remediation

3.7

relevance

0.2

threat

0.1

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.2

impact

10.0

exploitability

4.7

remediation

3.7

relevance

0.2

threat

0.1

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Marvell QConvergeConsole Unrestricted File Upload Leading to Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Marvell QConvergeConsole

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating