PT-2024-5193 · Siemens · Ruggedcom Crossbow

Published

2024-05-14

·

Updated

2024-05-14

·

CVE-2024-27943

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.5
Description: The Firmware Upload Handler component of RUGGEDCOM CROSSBOW does not adequately restrict the file name or path of uploaded files (incorrect external control of a file name or path). A remote user with privileged, authenticated access (the CVSS vector's Au:S) can upload generic, non-firmware files into the root installation directory. An attacker holding such an account could use this to tamper with specific files or to achieve remote code execution.
Recommendations: Update RUGGEDCOM CROSSBOW to V5.5 or later. Until the update is applied, restrict network access to the Firmware Upload Handler, limit the upload function to the smallest set of trusted privileged accounts, and validate uploaded file names and types on the server so that only expected firmware images can be written, and only into the intended upload location.
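As an added illustration (not code from the advisory or from Siemens), the hypothetical Python handler below contrasts the weakness class described above with a hardened version: the vulnerable function joins the client-supplied file name to the upload directory unchanged, so `..` segments or an absolute path steer the write anywhere, including the installation root; the hardened function discards client path components, allow-lists the extension, assigns a server-chosen base name, gates the operation on a role, and re-checks the resolved destination. The install path `/opt/crossbow`, the role name `firmware-admin` and the permitted extensions are assumptions for the example and say nothing about the real product layout.

```python
import os
import posixpath
import secrets

# Hypothetical install layout for the example; the real CROSSBOW directory
# structure is not described in the advisory.
INSTALL_ROOT = "/opt/crossbow"
UPLOAD_DIR = os.path.join(INSTALL_ROOT, "firmware", "incoming")
ALLOWED_EXT = {".bin", ".img"}          # assumed firmware image extensions
UPLOAD_ROLE = "firmware-admin"          # assumed role name


def is_inside_upload_dir(path: str) -> bool:
    """True if the resolved path stays under UPLOAD_DIR (symlinks resolved)."""
    root = os.path.realpath(UPLOAD_DIR)
    target = os.path.realpath(path)
    return os.path.commonpath([root, target]) == root


def vulnerable_target_path(client_filename: str) -> str:
    """CWE-73 pattern: the client-controlled name is joined to the upload
    directory unchanged. '../..' segments walk up to the installation root,
    and os.path.join discards UPLOAD_DIR entirely when the name is absolute."""
    return os.path.normpath(os.path.join(UPLOAD_DIR, client_filename))


def hardened_target_path(client_filename: str) -> str:
    """Derive a safe destination: keep only the vetted extension of the
    client name, assign a server-generated base name, and re-check the
    resolved path before returning it."""
    # Strip any directory component, whether POSIX or Windows style.
    base = posixpath.basename(client_filename.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("invalid file name")
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError(f"file type {ext!r} not permitted")
    # The client never chooses the stored name, only the (vetted) extension.
    target = os.path.join(UPLOAD_DIR, secrets.token_hex(16) + ext)
    if not is_inside_upload_dir(target):
        raise ValueError("path escapes upload directory")
    return target


def handle_upload_request(user_roles: set, client_filename: str) -> str:
    """Authorization gate plus path derivation for a firmware upload.
    Returns the destination the handler may write to; the caller should
    then create it with O_CREAT | O_EXCL so an existing file is never
    overwritten."""
    if UPLOAD_ROLE not in user_roles:
        raise PermissionError(f"upload requires the {UPLOAD_ROLE} role")
    return hardened_target_path(client_filename)


if __name__ == "__main__":
    # Constructed inputs: a traversal name and an absolute path.
    for name in ("../../Crossbow.exe", "/etc/cron.d/job", "rcdu.bin"):
        print(f"{name!r:24} vulnerable -> {vulnerable_target_path(name)}")
    print("hardened   ->", handle_upload_request({UPLOAD_ROLE}, "../../rcdu.bin"))
```

Validating the extension alone is a weak control; in a real handler the bytes should also be checked (vendor signature or at least the expected image header) before anything is written, and the destination directory should sit outside the application's executable tree so that even a bypass cannot replace program files.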

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BDU:2024-05750
CVE-2024-27943

Affected Products

Ruggedcom Crossbow