CVE-2024-47944
Oct. 15, 2024, 4:35 p.m.
Tags
CVSS Score
Product(s) Impacted
UNKNOWN
Description
The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.
Weaknesses
CWE-1299
Missing Protection Mechanism for Alternate Hardware Interface
The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.
CWE ID: 1299Date
Published: Oct. 15, 2024, 9:15 a.m.
Last Modified: Oct. 15, 2024, 4:35 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
551230f0-3615-47bd-b7cc-93e92e730bbf
CVSS Data
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
MEDIUMCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H