Command Injection Vulnerability in Hitachi Energy TRO600 Series Radios
CVE-2024-41153

7.2HIGH

Key Information:

Vendor: Hitachi
Status: Tro610 Firmware
Vendor: CVE Published:; 29 October 2024

Summary

A command injection vulnerability exists in the Edge Computing user interface of the TRO600 series radios from Hitachi Energy, which can be exploited by an attacker with write access to the web UI. This weakness allows the execution of arbitrary system commands with root privileges, exposing the device to substantial risk beyond the intended scope of write privileges. The implications of this vulnerability necessitate immediate attention to safeguard against potential exploitation.

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2024

Collectors

NVD Database