PT-2024-33257 · Rakuten · Rakuten Turbo 5G
Samy Younsi
·
Published
2024-11-17
·
Updated
2024-11-20
·
CVE-2024-48895
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rakuten Turbo 5G firmware versions V1.3.18 and earlier
Description
The issue is related to improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This could allow a remote authenticated attacker to execute an arbitrary OS command.
Recommendations
For Rakuten Turbo 5G firmware versions V1.3.18 and earlier, update to a version later than V1.3.18 to resolve the issue.
At the moment, there is no information about additional mitigation measures.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rakuten Turbo 5G