CVE-2024-52564

{"id": "CVE-2024-52564", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-12-05T10:31:40.663", "references": [{"url": "https://jvn.jp/en/jp/JVN46615026/", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.iodata.jp/support/information/2024/11_ud-lt1/", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-1242"}]}], "descriptions": [{"lang": "en", "value": "Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered."}, {"lang": "es", "value": "Existe un problema de inclusi\u00f3n de funciones no documentadas o de errores de configuraci\u00f3n en el firmware UD-LT1 versi\u00f3n 2.1.8 y anteriores y en el firmware UD-LT1/EX versi\u00f3n 2.1.8 y anteriores. Un atacante remoto puede desactivar la funci\u00f3n de firewall de los productos afectados. Como resultado, se puede ejecutar un comando arbitrario del sistema operativo y/o se pueden alterar los ajustes de configuraci\u00f3n del dispositivo."}], "lastModified": "2024-12-05T10:31:40.663", "sourceIdentifier": "vultures@jpcert.or.jp"}