CVE-2024-27941

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.5

Description: The issue is related to the improper sanitization of input data before it is sent to the SQL server. This could allow an attacker to compromise the entire database by executing arbitrary SQL queries. The vulnerability is associated with a lack of protection for the SQL query structure, which can be exploited by a remote attacker.

Recommendations: For versions prior to V5.5, update to version V5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL server to minimize the risk of exploitation. Avoid using unsanitized input data in SQL queries until the issue is resolved.