8.8
CVE-2024-3904
- EPSS 0.17%
- Veröffentlicht 04.07.2024 09:15:04
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle Mitsubishielectric.Psirt@yd.Mi
- CVE-Watchlists
- Unerledigt
Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellermitsubishi
≫
Produkt
melipc_mi5122-vw_firmware
Default Statusunaffected
Version <=
07
Version
05
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.06 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://jvn.jp/vu/JVNVU91215350/index.html
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf