CVE-2024-52788

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Nov 19, 2024
Updated: Nov 22, 2024
CWE ID 798

Summary

CVE-2024-52788 is a newly disclosed vulnerability affecting Tenda W9 v1.0.0.7(4456). This issue involves a hardcoded password in the /etc_ro/shadow file, which provides attackers with the ability to log in as the root user. The hardcoded password goes undetected due to its fixed nature, making it an easier target for unauthorized access. Attackers who exploit this vulnerability can gain complete control over the affected device, leading to potential data theft, unauthorized modifications, or even a launchpad for further attacks on the network. Users of Tenda W9 v1.0.0.7(4456) are advised to update their devices as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share