Command injection vulnerability in the Edge Computing UI for the
TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the
web UI can execute commands on the device with root privileges,
far more extensive than what the write privilege intends.
References
Link | Resource |
---|---|
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
31 Oct 2024, 14:37
Type | Values Removed | Values Added |
---|---|---|
First Time |
Hitachienergy
Hitachienergy tro610 Hitachienergy tro620 Hitachienergy tro610 Firmware Hitachienergy tro620 Firmware Hitachienergy tro670 Hitachienergy tro670 Firmware |
|
References | () https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch - Vendor Advisory | |
Summary |
|
|
CPE | cpe:2.3:h:hitachienergy:tro620:-:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:tro670_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:tro610_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:tro610:-:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:tro620_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:tro670:-:*:*:*:*:*:*:* |
29 Oct 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-29 13:15
Updated : 2024-10-31 14:37
NVD link : CVE-2024-41153
Mitre link : CVE-2024-41153
CVE.ORG link : CVE-2024-41153
JSON object : View
Products Affected
hitachienergy
- tro610
- tro620_firmware
- tro610_firmware
- tro670
- tro620
- tro670_firmware
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')