CVE-2024-22899 Information

Description

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.

Reference

http://vinchin.com https://seclists.org/fulldisclosure/2024/Jan/29 https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/