CVE-2024-47944

Description

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.

CVSS v3.1 Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-1299 CWE-1299

References

Other References

https://r.sec-consult.com/rittaliot https://www.rittal.com/de-de/products/deep/3124300 http://seclists.org/fulldisclosure/2024/Oct/4

Frequently Asked Questions

What is CVE-2024-47944? +

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function. It has a CVSS v3.1 base score of 6.8 (MEDIUM).

How severe is CVE-2024-47944? +

CVE-2024-47944 has a CVSS v3.1 score of 6.8 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

How do I check if I'm vulnerable to CVE-2024-47944? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-1073 7.5

Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized …

CVE-2025-41697 6.8

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with …

CVE-2025-26409 6.8

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the …

CVE-2024-39723 4.6

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user …