CVE-2024-54749
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 6, 2024
Updated: Dec 12, 2024
CWE ID 798
Summary
CVE-2024-54749 is a newly disclosed vulnerability affecting Ubiquiti U7-Pro devices running version 7.0.35. The issue involves a hardcoded password found in the /etc/shadow file. If exploited, this vulnerability allows unauthorized users to log in as the root account. However, it's essential to note that the supplier disputes this finding, as the device cannot be deployed without setting a new password during installation. Nevertheless, the presence of a hardcoded password in the firmware image poses a potential security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share