Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-41153

Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends.

Published

2024-10-29T13:15:04.600

Last Modified

2024-10-31T14:37:48.533

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-77
Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hitachienergy	tro610_firmware	< 9.2.0.5	Yes
Hardware	hitachienergy	tro610	-	No
Operating System	hitachienergy	tro620_firmware	< 9.2.0.5	Yes
Hardware	hitachienergy	tro620	-	No
Operating System	hitachienergy	tro670_firmware	< 9.2.0.5	Yes
Hardware	hitachienergy	tro670	-	No

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch Vendor Advisory ([email protected])