Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX

Overview

UD-LT1 and UD-LT1/EX provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities.

Products Affected

CVE-2024-45841, CVE-2024-47133

UD-LT1 firmware Ver.2.1.9 and earlier
UD-LT1/EX firmware Ver.2.1.9 and earlier

CVE-2024-52564

UD-LT1 firmware Ver.2.1.8 and earlier
UD-LT1/EX firmware Ver.2.1.8 and earlier

Description

UD-LT1 and UD-LT1/EX provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below.

Incorrect Permission Assignment for Critical Resource (CWE-732)
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
- CVE-2024-45841
OS Command Injection (CWE-78)
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
- CVE-2024-47133
Inclusion of Undocumented Features (CWE-1242)
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Base Score 7.5
- CVE-2024-52564

The developer states that attacks exploiting these vulnerabilities have been observed.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

CVE-2024-45841, CVE-2024-47133
The developer has released the updates listed below that addresses these vulnerabilities.

UD-LT1 firmware Ver.2.2.0
UD-LT1/EX firmware Ver.2.2.0

CVE-2024-52564
The developer has released the updates listed below that addresses this vulnerability.

UD-LT1 firmware Ver.2.1.9
UD-LT1/EX firmware Ver.2.1.9

Apply the workaround
The developer states that the settings of the affected products should be checked and changed.
For more information, refer to the information provided by the developer.

Credit

CVE-2024-45841, CVE-2024-47133
Takeshi Kuramori, Kaori Takashima, and Kohei Masumi of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2024-52564
Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX

Overview

Products Affected

Description

Solution

Credit

آفر سرور اختصاصی از آمریکا

سال نو مبارک – تخفیف های نوروزی

کنترل پنل مدیریت سرور های مجازی

آفر های جدید سرور اختصاصی هلند

جایجایی از هگزونت

تغییرات مهم در سیستم نمایندگی ثبت دامنه بین الملل

آفر های جدید سرور اختصاصی مرداد 1403

افزایش قیمت جهانی دامنه .com

افزایش قیمت دامنه های ir از ۳۱ خرداد

تخفیف های شب یلدا

CVE-2024-10591 – HubSpot for WooCommerce WordPress Plugin Privilege Escalation Cross-Site Vulnerability

قوانین جدید ثبت دامنه

پرداخت هزینه سرویس ها

افزایش قیمت ثبت دامنه

مشکلات شبکه و هارد بر روی نود 3

افزایش قیمت جهانی دامنه

Overview

Products Affected

Description

Solution

Credit

نوشته های مشابه

Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection

WordPress Plugin “My WP Customize Admin/Frontend” vulnerable to cross-site scripting

Multiple vulnerabilities in FXC AE1021 and AE1021PE

Multiple vulnerabilities in SHARP routers

CVE-2024-10591 – HubSpot for WooCommerce WordPress Plugin Privilege Escalation Cross-Site Vulnerability

قوانین جدید ثبت دامنه

پرداخت هزینه سرویس ها

افزایش قیمت ثبت دامنه

مشکلات شبکه و هارد بر روی نود 3

افزایش قیمت جهانی دامنه