IM
IronMonkey Threat Research

CVE-2024-41153 HIGH

Published: 2024-10-29 | Last Modified: 2025-10-24 | Status: Modified

Description

Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends.

Additional Descriptions (1)

Vulnerabilidad de inyección de comandos en la interfaz de usuario de Edge Computing para las radios de la serie TRO600 que permite la ejecución de comandos arbitrarios del sistema. Si se explota, un atacante con acceso de escritura a la interfaz de usuario web puede ejecutar comandos en el dispositivo con privilegios de root, mucho más amplios que los que pretende el privilegio de escritura.

CVSS Metrics

Base Score: 7.2 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.2

Impact Score: 5.9

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-78
[email protected] Secondary
en CWE-77

Affected Products

Vendor Product Version Update Type
hitachienergy tro610_firmware * <built-in method update of dict object at 0x72a99be543c0> Operating System
hitachienergy tro620_firmware * <built-in method update of dict object at 0x72a99be54600> Operating System
hitachienergy tro670_firmware * <built-in method update of dict object at 0x72a99be56780> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hitachienergy:tro610_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hitachienergy:tro610:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hitachienergy:tro620_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hitachienergy:tro620:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hitachienergy:tro670_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hitachienergy:tro670:-:*:*:*:*:*:*:*

References

Notification
Message here