Permission Assignment Vulnerability in UD-LT1 Firmware by I-O DATA
CVE-2024-45841

6.5MEDIUM

Key Information:

Vendor: I-o Data Device, Inc.
Status: Ud-lt1; Ud-lt1/ex
Vendor: CVE Published:; 5 December 2024

🔔 Create I-o Data Device, Inc. Vulnerability Alert

What is CVE-2024-45841?

A significant security vulnerability has been identified in the UD-LT1 and UD-LT1/EX firmware versions 2.1.9 and earlier. This issue arises from incorrect permission assignment for critical resources, which can be exploited by an attacker with a guest account. By accessing a specific file, the attacker may obtain sensitive information, including credentials, thereby jeopardizing the security of the affected systems. Users are advised to review their firmware versions and apply necessary updates to mitigate potential risks. For further information, please refer to the official support page and the Japanese Vulnerability Notes.

Affected Version(s)

UD-LT1 firmware Ver.2.1.8 and earlier

UD-LT1/EX firmware Ver.2.1.8 and earlier

References

https://www.iodata.jp/support/information/2024/11_ud-lt1/

https://jvn.jp/en/jp/JVN46615026/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 22, 2024