CVE-2024-47133

Summary

UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.

Affected Software

VendorProductVersion RangeStatus
I-O DATA DEVICE, INC.UD-LT1firmware Ver.2.1.9 and earlieraffected
I-O DATA DEVICE, INC.UD-LT1/EXfirmware Ver.2.1.9 and earlieraffected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References