CVE-2024-43406
published 2024-08-20

Priority: P3 53, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.89% (55.0th percentile)
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine that runs on resource-constrained edge devices. A user could exploit SQL injection to execute a malicious SQL query via the Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.

Affected

5 ranges
Vendor | Product | Version range | Fixed in
github.com | lf-edge_ekuiper | >= 0 < 1.14.2 | 1.14.2
lf-edge | ekuiper | < 1.14.2 | 1.14.2
lf-edge | ekuiper | >= 0 < 1.14.2 | 1.14.2
lf-edge | ekuiper | >= 0 < 1a9c745649438feaac357d282959687012b65503 | 1a9c745649438feaac357d282959687012b65503
lfedge | ekuiper | < 1.14.2 | 1.14.2