CVE-2024-41976

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 13, 2024
Updated: Aug 23, 2024
CWE ID 20

Summary

CVE-2024-41976 is a newly identified vulnerability that affects multiple RUGGEDCOM and SCALANCE router models from Version 8.1 and below. These devices fail to validate user input in certain VPN configuration fields, creating an opportunity for authenticated remote attackers to execute arbitrary code on the affected devices. This issue potentially impacts the following models: RM1224 LTE, SCALANCE M804PB, M812-1 and M816-1 ADSL-Routers, M826-2 SHDSL-Router, M874-2 and M874-3, M876-3 (A1, B1, ROK, EU, NAM), MUM853-1 (A1, B1, EU), MUM856-1 (A1, B1, CN, EU, RoW), and S615 EEC and LAN-Routers. Successful exploitation of this vulnerability could lead to significant security risks and potential unauthorized access to networks. Users are strongly advised to update their devices to the latest version, V8.1, or contact the vendor for further assistance.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share