HIGH🇬🇧 English

CVE-2024-22078

CVSS 8.8v3.1pub. 2024-03-20upd. 2025-04-16

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Elspec Ltd G5dfr

    HW
    Elspec-Ltd
    wszystkie wersje
  • Elspec Ltd G5dfr Firmware

    OS
    Elspec-Ltd
    < 1.2.1.12
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2024-22081CRITICAL9.8PL ✓ten sam produkt

Nieuwierzytelniona korupcja pamięci w Elspec G5 Digital Fault Recorder

CVE-2024-22080CRITICAL9.8PL ✓ten sam produkt

Elspec G5 – nieuwierzytelnione uszkodzenie pamięci podczas parsowania XML

CVE-2024-46602HIGH7.5ten sam produkt

An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Enti...

CVE-2024-46601HIGH7.5ten sam produkt

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.

CVE-2024-46603HIGH7.5ten sam produkt

An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 ...