CVE-2024-11611

CVSS 3.0 Score 7.8 of 10 (high)

Details

Published Jan 30, 2025

CWE ID 119

Summary

CVE-2024-11611 is a remote code execution vulnerability affecting AutomationDirect C-More EA9 and EAP9 devices. The issue arises due to insufficient validation of user-supplied data during EAP file parsing, leading to memory corruption. Exploitation requires users to visit a malicious page or open a specially crafted file. This vulnerability, originally reported as ZDI-CAN-24774, enables attackers to execute arbitrary code on affected installations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0wqHmo
https://www.cve.org/CVERecord?id=CVE-2024-11611
https://nvd.nist.gov/vuln/detail/CVE-2024-11611

Back to Vulnerability Database

CVE-2024-11611

CVSS 3.0 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations