CVE-2024-40089

Name of the Vulnerable Software and Affected Versions Vilo 5 Mesh WiFi System versions up to 5.16.1.33

Description A Command Injection issue allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. This enables attackers to run arbitrary commands on the system.

Recommendations For Vilo 5 Mesh WiFi System versions up to 5.16.1.33, update to a version later than 5.16.1.33 to resolve the issue. As a temporary workaround, consider restricting access to the device name setting to minimize the risk of exploitation.