PT-2024-3688 · Siemens · Ruggedcom Crossbow

Published 2024-05-14 · Updated 2024-07-07 · CVE-2024-27944

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RUGGEDCOM CROSSBOW versions prior to V5.5

Description

The issue is an external control of file name or path weakness in the Firmware Upload Handler component of the RUGGEDCOM CROSSBOW system. It could allow a remote attacker to upload arbitrary files and execute arbitrary code. A privileged user can upload firmware files to the system's root installation directory, potentially allowing an attacker to tamper with specific files or achieve remote code execution.

Recommendations

For versions prior to V5.5, upgrade to version V5.5 or later to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the Firmware Upload Handler component. Avoid using the Firmware Upload Handler until the issue is resolved.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2024-04032
CVE-2024-27944

Affected Products

Ruggedcom Crossbow