216.73.216.133

CVE-2024-41153

· Published 29/10/2024 13:15 · Modified 31/10/2024 14:37

Labels: CVE-2024-41153 2024-10-29CVE-2024-41153CWE-77[email protected]

Essential information

Published
29/10/2024 13:15
Modified
31/10/2024 14:37
Author
Creator
CVSS
7.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
hitachienergy / tro610 firmware cpe:2.3:o:hitachienergy:tro610_firmware:*:*:*:*:*:*:*:*
hitachienergy / tro610 cpe:2.3:h:hitachienergy:tro610:-:*:*:*:*:*:*:*
hitachienergy / tro620 firmware cpe:2.3:o:hitachienergy:tro620_firmware:*:*:*:*:*:*:*:*
hitachienergy / tro620 cpe:2.3:h:hitachienergy:tro620:-:*:*:*:*:*:*:*
hitachienergy / tro670 firmware cpe:2.3:o:hitachienergy:tro670_firmware:*:*:*:*:*:*:*:*
hitachienergy / tro670 cpe:2.3:h:hitachienergy:tro670:-:*:*:*:*:*:*:*

References