PT-2024-9438 · I O Data Device · Ud-Lt1/Ex+1

Kaori Takashima +2 · Published 2024-12-04 · Updated 2024-12-18 · CVE-2024-47133

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: I-O Data Device UD-LT1 versions 2.1.9 and earlier; I-O Data Device UD-LT1/EX versions 2.1.9 and earlier
Description: The issue allows a remote authenticated attacker with an administrative account to execute arbitrary OS commands. This is due to the lack of measures to neutralize special elements in the firmware of the I-O Data Device UD-LT1 and UD-LT1/EX routers.
Recommendations: For I-O Data Device UD-LT1 and UD-LT1/EX versions 2.1.9 and earlier, update to a version later than 2.1.9 to resolve the issue. As a temporary workaround, consider restricting access to administrative accounts until a patch is available. Restrict input/output on all devices to minimize the risk of exploitation. Audit for signs of exploitation to ensure the issue has not been previously exploited.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-11133
CVE-2024-47133

Affected Products

Ud-Lt1
Ud-Lt1/Ex