1. Home
  2. CVE Database
  3. CVE-2024-47944
MEDIUM · 6.8

CVE-2024-47944

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgr...

Vulnerability Description

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Related Weaknesses (CWE)

CWE-1299

References

FAQ

What is CVE-2024-47944?

CVE-2024-47944 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgr...

How severe is CVE-2024-47944?

CVE-2024-47944 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47944?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.