CVE-2024-52564


CVSS 7.5 HIGH | EPSS 0.6% | CWE-1242

In short

The UD-LT1 and UD-LT1/EX devices contain hidden features that allow a remote attacker to disable the firewall, potentially leading to unauthorized command execution or device configuration changes.

Technical detail

A remote attacker can exploit undocumented functionality in affected firmware versions to disable firewall protections, enabling arbitrary OS command execution and unauthorized modification of device settings. This occurs due to the presence of chicken bits (hidden configuration flags) that lack proper access controls.

Summary generated and translated by AI from the official description.
Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
