PT-2024-27700 · Xiongmai · Xiongmai Ahb8008T-Gl+6

Netsecfish · Published 2024-04-14 · Updated 2024-12-17 · CVE-2024-3765

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Xiongmai AHB7804R-MH-V2
Xiongmai AHB8004T-GL
Xiongmai AHB8008T-GL
Xiongmai AHB7004T-GS-V3
Xiongmai AHB7004T-MHV2
Xiongmai AHB8032F-LME
Xiongmai XM530 R80X30-PQ 8M

Description

A critical vulnerability was found in the Sofia Service component of the affected Xiongmai devices. Manipulating an unknown functionality of this component with a specific input, ff00000000000000000000000000f103250000007b202252657422203a203130302c202253657373696f6e494422203a202230783022207d0a, leads to improper access controls. The attack can be launched remotely, and the exploit has been publicly disclosed.

Recommendations

For all affected devices, restrict firewall access to minimize the risk of exploitation. As a temporary workaround, consider disabling the Sofia Service component until a patch is available. Avoid using the affected devices until a fix is provided by the vendor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2024-3765

Affected Products

Xiongmai Ahb7004T-Gs-V3
Xiongmai Ahb7004T-Mhv2
Xiongmai Ahb7804R-Mh-V2
Xiongmai Ahb8004T-Gl
Xiongmai Ahb8008T-Gl
Xiongmai Ahb8032F-Lme
Xiongmai Xm530 R80X30-Pq 8M