CVE-2024-51240

CVSS 3.1 Score 8 of 10 (high)

Details

Published Nov 5, 2024
Updated: Nov 6, 2024
CWE ID 522

Summary

CVE-2024-51240 is a newly identified vulnerability affecting the luci-mod-rpc package in OpenWRT Luci LTS. This issue grants privilege escalation from an administrator account to root, allowing unauthorized users to gain elevated access. The vulnerability stems from a flaw in the JSON-RPC-API, which is exposed through the luci-mod-rpc package. Successful exploitation of this vulnerability could potentially lead to significant security implications, including unauthorized system modifications and data breaches. Users are strongly advised to apply the necessary patches or updates to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share