Undocumented Features and Chicken Bits Vulnerability Affects Firewall Function
CVE-2024-52564

7.5 HIGH

Key Information:

CVE Published: 5 December 2024

What is CVE-2024-52564?

A significant security vulnerability exists in the firmware of I-O DATA's UD-LT1 and UD-LT1/EX products. This issue is characterized by the inclusion of undocumented features, commonly referred to as 'chicken bits'. In versions 2.1.8 and earlier, a remote attacker can exploit this vulnerability to disable the firewall functionality, potentially leading to unauthorized OS command execution or alterations to the device's configuration settings. Proper safeguards should be implemented to mitigate the risks associated with this vulnerability.

Affected Version(s)

UD-LT1 firmware Ver.2.1.8 and earlier

UD-LT1/EX firmware Ver.2.1.8 and earlier

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
