← back
CVE-2024-47133

CVE-2024-47133

CVSS 7.2 HIGHEPSS 0.9%CWE-78
In short

An attacker with admin access to a UD-LT1 or UD-LT1/EX device can run harmful commands on the system. This is dangerous because it gives the attacker complete control over the device.

Technical detail

The vulnerability allows remote command injection through administrative functions in firmware versions 2.1.9 and earlier. An authenticated attacker with administrative privileges can execute arbitrary OS commands, leading to full system compromise. The attack requires prior administrative account access.

Summary generated and translated by AI from the official description.
UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
I-O DATA DEVICE, INC. · UD-LT1I-O DATA DEVICE, INC. · UD-LT1/EX

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/jp/JVN46615026/https://www.iodata.jp/support/information/2024/11_ud-lt1/