PT-2024-9436 · I O Data Device · Ud-Lt1/Ex+1
Kaori Takashima
+2
·
Published
2024-12-04
·
Updated
2024-12-18
·
CVE-2024-45841
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
UD-LT1 firmware versions 2.1.9 and earlier
UD-LT1/EX firmware versions 2.1.9 and earlier
Description:
The issue is related to incorrect permission assignment for a critical resource in the firmware of I-O Data Device UD-LT1 and UD-LT1/EX. This could allow an attacker with a guest account to access a specific file and obtain information containing credentials. The vulnerability may be exploited remotely.
Recommendations:
For UD-LT1 firmware versions 2.1.9 and earlier, update to a version that fixes the incorrect permission assignment issue.
For UD-LT1/EX firmware versions 2.1.9 and earlier, update to a version that fixes the incorrect permission assignment issue.
As a temporary workaround, consider restricting access to the specific file that contains credentials to minimize the risk of exploitation.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ud-Lt1
Ud-Lt1/Ex