PT-2024-28393 · Aginode · Aginode Gigaswitch V5

Christophe Hugueny · Published 2024-12-04 · Updated 2025-01-15 · CVE-2024-39219

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Aginode GigaSwitch V5 versions prior to 7.06G

Description

The issue allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities. This can be done by exploiting insecure permissions in the device.

Recommendations

For Aginode GigaSwitch V5 versions prior to 7.06G, update to version 7.06G or later to resolve the issue. As a temporary workaround, consider restricting access to firmware upload functionality to minimize the risk of exploitation. Restrict access to the SCP command to prevent attackers from accessing sensitive information.

Fix

Related Identifiers

CVE-2024-39219

Affected Products

Aginode Gigaswitch V5