CVE-2024-45841

Summary

Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained.

Affected Software

VendorProductVersion RangeStatus
I-O DATA DEVICE, INC.UD-LT1firmware Ver.2.1.9 and earlieraffected
I-O DATA DEVICE, INC.UD-LT1/EXfirmware Ver.2.1.9 and earlieraffected

Weaknesses

  • CWE-732: Incorrect permission assignment for critical resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References