CVE-2024-52564

Name of the Vulnerable Software and Affected Versions: I-O Data Device UD-LT1 versions 2.1.8 and earlier I-O Data Device UD-LT1/EX versions 2.1.8 and earlier

Description: The issue exists due to the inclusion of undocumented features, which can be exploited by a remote attacker to disable the firewall function of the affected products. This can result in the execution of arbitrary OS commands and/or alteration of the device's configuration settings. A remote attacker may bypass existing security restrictions and execute arbitrary commands.

Recommendations: For I-O Data Device UD-LT1 versions 2.1.8 and earlier, update to a version later than 2.1.8 to resolve the issue. For I-O Data Device UD-LT1/EX versions 2.1.8 and earlier, update to a version later than 2.1.8 to resolve the issue. As a temporary workaround, consider restricting access to the device's configuration settings and monitoring the device's security logs for suspicious activity until a patch is available.