CVE-2024-46873

Dec. 23, 2024, 1:15 a.m.

9.8
Critical

Description

Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker.

Product(s) Impacted

Product Versions
SHARP routers

Weaknesses

CWE-489
Active Debug Code
The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References

https://jvn.jp/en/jp/JVN61635834/
https://k-tai.sharp.co.jp/support/info/info083.html

Tags

vultures@jpcert.or.jp
CWE-489
2024-12-23
CVE-2024-46873

CVSS Score

9.8 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Date

  • Published: Dec. 23, 2024, 1:15 a.m.
  • Last Modified: Dec. 23, 2024, 1:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.