CVE-2024-48777

Summary

CVE-2024-48777 is a newly disclosed vulnerability affecting the LEDVANCE com.ledvance.smartplus.eu firmware version 2.1.10. An attacker can exploit this issue during the firmware update process to gain unauthorized access to sensitive information. The vulnerability does not involve any authentication bypass or privilege escalation, but rather relies on the ability to intercept and manipulate data exchanged between the device and the update server. This could potentially lead to exposure of confidential information, including user credentials and device configurations. The impact of this vulnerability is significant for organizations and individuals relying on the affected LEDVANCE smartplus devices for their lighting infrastructure. It is recommended that users update their devices to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.