PT-2024-3687 · Siemens · Ruggedcom Crossbow

Published: 2024-05-14 · Updated: 2024-05-14 · CVE-2024-27945

CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.5

Description: The issue is an incorrect external control of a file name or path in the Firmware Upload Handler component of the RUGGEDCOM CROSSBOW system. This could allow a remote attacker to upload arbitrary files and execute arbitrary code. A privileged user can use the bulk import feature to upload files into the system's root installation directory, potentially tampering with specific files or achieving remote code execution.

Recommendations: For versions prior to V5.5, update to version V5.5 or later to resolve the issue. As a temporary workaround, restrict access to the bulk import feature and the Firmware Upload Handler component to minimize the risk of exploitation, and avoid using the bulk import feature until the update is applied.
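The weakness class above (a client-supplied file name used unchanged to build the destination path of an upload) and its usual mitigation, shown as an added Python example written for this page; it is not RUGGEDCOM CROSSBOW code, and the upload directory and file-name policy are assumptions chosen for illustration.

```python
import os
import re
from pathlib import Path

# Constructed example: the only directory uploads are allowed to land in
# (hypothetical location; real products differ).
UPLOAD_ROOT = Path("/var/app/uploads").resolve()

# Allow-list for a plain base name: no separators, no leading dot, bounded length.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def vulnerable_target(filename: str) -> Path:
    """Path construction with external control of the file name.

    The client-supplied value is joined unchanged: a name containing '..'
    segments walks out of UPLOAD_ROOT, and pathlib replaces the whole
    prefix when the value is an absolute path.
    """
    return UPLOAD_ROOT / filename


def safe_target(filename: str) -> Path:
    """Mitigated version: accept only a bare, allow-listed base name and
    verify after resolution that the result is still inside UPLOAD_ROOT."""
    # Normalise both separator styles, then require the value to be a base name only.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or not _SAFE_NAME.match(base):
        raise ValueError(f"rejected file name: {filename!r}")
    target = (UPLOAD_ROOT / base).resolve()
    # Defence in depth: the containment check holds even if the allow-list changes later.
    if UPLOAD_ROOT not in target.parents:
        raise ValueError(f"path escapes upload root: {target}")
    return target


def escapes_root(p: Path) -> bool:
    """True when the (resolved) path lies outside UPLOAD_ROOT."""
    return UPLOAD_ROOT not in p.resolve().parents


def is_rejected(filename: str) -> bool:
    """Convenience wrapper: does the hardened handler refuse this name?"""
    try:
        safe_target(filename)
    except ValueError:
        return True
    return False
```

Logging the rejected name (with control characters escaped) at the point of refusal gives detection teams a cheap signal for traversal attempts against the upload endpoint.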

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2024-04031
CVE-2024-27945

Affected Products

Ruggedcom Crossbow