Command injection vulnerability in the Edge Computing UI for the
TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the
web UI can execute commands on the device with root privileges,
far more extensive than what the write privilege intends.
Metrics
Affected Vendors & Products
References
History
Thu, 31 Oct 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Hitachienergy
Hitachienergy tro610 Hitachienergy tro610 Firmware Hitachienergy tro620 Hitachienergy tro620 Firmware Hitachienergy tro670 Hitachienergy tro670 Firmware |
|
CPEs | cpe:2.3:h:hitachienergy:tro610:-:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:tro620:-:*:*:*:*:*:*:* cpe:2.3:h:hitachienergy:tro670:-:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:tro610_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:tro620_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hitachienergy:tro670_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Hitachienergy
Hitachienergy tro610 Hitachienergy tro610 Firmware Hitachienergy tro620 Hitachienergy tro620 Firmware Hitachienergy tro670 Hitachienergy tro670 Firmware |
Tue, 29 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Hitachi Energy
Hitachi Energy tro600 |
|
CPEs | cpe:2.3:a:hitachi_energy:tro600:*:*:*:*:*:*:*:* | |
Vendors & Products |
Hitachi Energy
Hitachi Energy tro600 |
|
Metrics |
ssvc
|
Tue, 29 Oct 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. | |
Weaknesses | CWE-77 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Hitachi Energy
Published: 2024-10-29T12:30:31.402Z
Updated: 2024-10-29T13:57:22.208Z
Reserved: 2024-07-16T16:02:30.295Z
Link: CVE-2024-41153
Vulnrichment
Updated: 2024-10-29T13:56:39.311Z
NVD
Status : Analyzed
Published: 2024-10-29T13:15:04.600
Modified: 2024-10-31T14:37:48.533
Link: CVE-2024-41153
Redhat
No data.