cbcvebase.
CVE-2024-47133
published 2024-12-05

CVE-2024-47133: UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to…

PriorityP275high7.2CVSS 3.0
AVNACLPRHUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.90%
55.3th percentile
UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.

Affected

2 ranges
VendorProductVersion rangeFixed in
i-o_data_device_incud-lt1
i-o_data_device_incud-lt1_ex

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2024-47133 is exploitable only by remote authenticated users with administrative accounts — detection should focus on authenticated admin sessions performing OS command injection via the device configuration management interface
  • Exploitation has been confirmed in the wild; monitor I-O DATA UD-LT1 and UD-LT1/EX router admin interfaces for unexpected OS command execution or configuration changes, especially from external/internet-facing sources
  • Affected firmware versions are UD-LT1 and UD-LT1/EX Ver.2.1.9 and earlier; inventory and flag any such devices running these firmware versions as high-priority targets
  • CVE-2024-47133 is part of a trio of flaws (with CVE-2024-45841 and CVE-2024-52564) being actively exploited together; correlate alerts across all three CVEs on the same device
  • ·Firmware v2.1.9 does NOT patch CVE-2024-47133; it only addresses CVE-2024-52564. The fix for CVE-2024-47133 is scheduled for v2.2.0 — do not treat v2.1.9 as a remediated version for this CVE
  • ·Exploitation vector requires the Remote Management feature to be accessible from the internet; devices with Remote Management disabled or restricted to VPN-only access significantly reduce the attack surface
  • ·CVE-2024-45841 (guest credential info disclosure) may be chained as a precursor to CVE-2024-47133 if admin credentials are stored in files accessible to the guest account

CVSS provenance

nvdv3.07.2HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vulncheck7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.