CVE-2024-41153
Last modified
CVE-2024-41153 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends.. EPSS estimates a 1.56% chance of exploitation in the next 30 days.
Description
Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hitachienergy | Tro610 Firmware | >= 9.1.0.0, < 9.2.0.5 |
| Hitachienergy | Tro620 Firmware | >= 9.1.0.0, < 9.2.0.5 |
| Hitachienergy | Tro670 Firmware | >= 9.1.0.0, < 9.2.0.5 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-41153?
How severe is CVE-2024-41153?
How do I fix CVE-2024-41153?
Are you affected by CVE-2024-41153?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST