CVE-2024-38278
published 2024-07-09CVE-2024-38278: A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2…
high7.5CVSS 4.0
AVNACLATPPRHUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG907R (All versions < V5.9.0), RUGGEDCOM RSG908C (All versions < V5.9.0), RUGGEDCOM RSG909R (All versions < V5.9.0), RUGGEDCOM RSG910C (All versions < V5.9.0), RUGGEDCOM RSG920P V5.X (All versions < V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSL910 (All versions < V5.9.0), RUGGEDCOM RSL910NC (All versions < V5.9.0), RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0), RUGGEDCOM RST916C (All versions < V5.9.0), RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | ruggedcom_rmc8388_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rmc8388nc_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rs416ncv2_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rs416pncv2_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rs416pv2_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rs416v2_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rs900_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rs900g_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rs900gnc_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rs900nc_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2100_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2100nc_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2100p_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2100pnc_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2288_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2288nc_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2300_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2300nc_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2300p_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2300pnc_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2488_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg2488nc_v5.x | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg907r | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg908c | < V5.9.0 | V5.9.0 |
| siemens | ruggedcom_rsg909r | < V5.9.0 | V5.9.0 |