CVE-2024-47865

Summary

Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device.

Affected Software

VendorProductVersion RangeStatus
Rakuten Mobile, Inc.Rakuten Turbo 5GV1.3.18 and earlieraffected

Weaknesses

  • CWE-306: Missing authentication for critical function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References