CVE-2024-50707

moderate-risk
Published 2025-03-04

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request.

Do I need to act?

~
7.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Tripleplay
Tripleplay

Affected Vendors

Uniguest

References (2)

Vendor Advisory https://uniguest.com/cve-bulletins/
Broken Link https://uniguest.com/wp-content/uploads/2025/02/CVE-2024-50707-Vulnerability-Sum...
49
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 9/34 · Low
Exposure 7/34 · Low