cvedb.io
CVE-2024-55371
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-04-16T21:15:45.790 · Last modified 2026-06-17T08:11:05.107

Summary

Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker (being an administrator is not required) to upload malicious files to the server. Once a web shell is installed, the attacker gains the ability to execute arbitrary commands.

Affected products

wallosapp — wallos

Does this affect you?

Add your gear to cvedb and we'll alert you only when wallosapp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.