CVE-2024-4163
CVSS 3.1 Score 8.3 of 10 (high)
Details
Published Apr 26, 2024
Updated: Jul 3, 2024
CWE ID 77
Summary
CVE-2024-4163 is a vulnerability affecting the Skylab IGX IIoT Gateway. The issue lies in the limited shell terminal (IGX) which runs under root privileges, allowing unauthorized users to connect. Through the use of the file exec and download functions, attackers can manipulate files, including the /etc/passwd file. By replacing this file with a new root user entry, attackers can gain unrestricted shell access and ultimately take control of the entire IIoT Gateway.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- RaspAP
Affected Vendors
- Raspap