CVE-2024-50960

moderate-risk
Published 2025-04-15

A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system.

Do I need to act?

~
4.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (4)

Smp 111 Firmware
Smp 351 Firmware
Smp 352 Firmware
Sme 211 Firmware

Affected Vendors

Extron

References (3)

Exploit https://github.com/layer8secure/extron-smp-inject/
Exploit https://ryanmroth.com/articles/exploiting-extron-smp-command-injection
Product https://www.extron.com/article/smp
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 7/34 · Low
Exposure 10/34 · Low