CVE-2024-10120: 
Homebrew vulnerability analysis and mitigation

A critical vulnerability has been discovered in wfh45678 Radar up to version 1.0.8. The vulnerability (CVE-2024-10120) affects the file upload functionality in the /services/v1/common/upload endpoint. This security flaw was disclosed in October 2024, and the vendor was contacted but did not respond to the disclosure (NVD).

The vulnerability is classified as an unrestricted file upload vulnerability (CWE-434). It has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue exists in the file upload functionality where the system fails to properly validate uploaded files, allowing manipulation of the argument 'file' parameter (NVD, GitHub POC).

The vulnerability allows remote attackers to upload arbitrary files to the system without authentication. This can lead to complete system compromise as attackers can potentially execute malicious code on the affected server (NVD).

Users should upgrade to a version newer than 1.0.8 if available. As the vendor has not responded to the disclosure, organizations using affected versions should implement additional security controls such as web application firewalls and strict file upload validation at the network level (NVD).