PT-2024-8713 · Siemens · Scalance M812-1 Adsl-Router +13

Published: 2024-11-12 · Updated: 2024-11-13 · CVE-2024-50557

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RUGGEDCOM RM1224 LTE(4G) EU versions prior to V8.2
RUGGEDCOM RM1224 LTE(4G) NAM versions prior to V8.2
SCALANCE M804PB versions prior to V8.2
SCALANCE M812-1 ADSL-Router versions prior to V8.2
SCALANCE M816-1 ADSL-Router versions prior to V8.2
SCALANCE M826-2 SHDSL-Router versions prior to V8.2
SCALANCE M874-2 versions prior to V8.2
SCALANCE M874-3 versions prior to V8.2
SCALANCE M874-3 3G-Router (CN) versions prior to V8.2
SCALANCE M876-3 versions prior to V8.2
SCALANCE M876-3 (ROK) versions prior to V8.2
SCALANCE M876-4 versions prior to V8.2
SCALANCE M876-4 (EU) versions prior to V8.2
SCALANCE M876-4 (NAM) versions prior to V8.2
SCALANCE MUM853-1 versions prior to V8.2
SCALANCE MUM856-1 versions prior to V8.2
SCALANCE S615 EEC LAN-Router versions prior to V8.2
SCALANCE S615 LAN-Router versions prior to V8.2

Description

The issue is related to insufficient input validation in the configuration field of the iperf functionality, which could allow a remote attacker to execute arbitrary code on the device.

Recommendations

As a temporary workaround, consider disabling the iperf functionality until a patch is available.
Update to version V8.2 or later for each of the affected devices to resolve the issue.
Restrict access to the configuration fields of the iperf functionality to minimize the risk of exploitation.
Avoid using the affected devices for critical operations until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-10315
CVE-2024-50557

Affected Products

Ruggedcom Rm1224 Lte(4G) Eu
Ruggedcom Rm1224 Lte(4G) Nam
Scalance M804Pb
Scalance M812-1 Adsl-Router
Scalance M816-1 Adsl-Router
Scalance M826-2 Shdsl-Router
Scalance M874-2
Scalance M874-3
Scalance M874-3 3G-Router
Scalance M876-3
Scalance M876-4
Scalance Mum853-1
Scalance Mum856-1
Scalance S615 Eec Lan-Router