Rakuten Turbo 5G Firmware Vulnerability Could Allow Arbitrary OS Command Execution
CVE-2024-48895

8.8HIGH

Key Information:

Vendor: Rakuten Mobile, Inc.
Status: Rakuten Turbo 5g
Vendor: CVE Published:; 20 November 2024

Summary

An OS command injection vulnerability exists in the firmware of Rakuten Turbo 5G, specifically in versions V1.3.18 and earlier. This flaw results from improper handling of special elements used in OS commands. If successfully exploited by a remote authenticated attacker, the vulnerability could lead to the execution of arbitrary OS commands on the affected system, potentially compromising the security integrity of the device and its data.

Affected Version(s)

Rakuten Turbo 5G V1.3.18 and earlier

References

https://network.mobile.rakuten.co.jp/internet/turbo/infor...

https://jvn.jp/en/vu/JVNVU90667116/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 20, 2024
Vulnerability Reserved
Nov 5, 2024