Rakuten Turbo 5G Firmware Vulnerability Could Allow Arbitrary OS Command Execution

CVE-2024-48895

8.8HIGH

Key Information

Vendor: Rakuten Mobile, Inc.
Status: Rakuten Turbo 5g
Vendor: CVE Published:; 20 November 2024

Summary

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command.

Affected Version(s)

Rakuten Turbo 5G = V1.3.18 and earlier

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 20, 2024
Vulnerability Reserved.
Nov 5, 2024

Collectors

NVD DatabaseMitre Database