← Retour aux CVEs
CVE-2024-22078
HIGH8.8
Description
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie3/20/2024
Derniere modification4/16/2025
Sourcenvd
Observations honeypot0
Produits affectes
elspec-ltd:g5dfrelspec-ltd:g5dfr_firmware
Faiblesses (CWE)
CWE-280
References
https://www.elspec-ltd.com/support/security-advisories/(cve@mitre.org)
https://www.elspec-ltd.com/support/security-advisories/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.