CVE-2024-47133
published 2024-12-05CVE-2024-47133: UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to…
PriorityP275high7.2CVSS 3.0
AVNACLPRHUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.90%
55.3th percentile
UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| i-o_data_device_inc | ud-lt1 | — | — |
| i-o_data_device_inc | ud-lt1_ex | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2024-47133 is exploitable only by remote authenticated users with administrative accounts — detection should focus on authenticated admin sessions performing OS command injection via the device configuration management interface ↗
- →Exploitation has been confirmed in the wild; monitor I-O DATA UD-LT1 and UD-LT1/EX router admin interfaces for unexpected OS command execution or configuration changes, especially from external/internet-facing sources ↗
- →Affected firmware versions are UD-LT1 and UD-LT1/EX Ver.2.1.9 and earlier; inventory and flag any such devices running these firmware versions as high-priority targets ↗
- →CVE-2024-47133 is part of a trio of flaws (with CVE-2024-45841 and CVE-2024-52564) being actively exploited together; correlate alerts across all three CVEs on the same device ↗
- ·Firmware v2.1.9 does NOT patch CVE-2024-47133; it only addresses CVE-2024-52564. The fix for CVE-2024-47133 is scheduled for v2.2.0 — do not treat v2.1.9 as a remediated version for this CVE ↗
- ·Exploitation vector requires the Remote Management feature to be accessible from the internet; devices with Remote Management disabled or restricted to VPN-only access significantly reduce the attack surface ↗
- ·CVE-2024-45841 (guest credential info disclosure) may be chained as a precursor to CVE-2024-47133 if admin credentials are stored in files accessible to the guest account ↗
CVSS provenance
nvdv3.07.2HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vulncheck7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2xq2-5cvx-fvrj: UD-LT1 firmware Ver
ghsa_unreviewed·2024-12-05
CVE-2024-47133 [HIGH] CWE-78 GHSA-2xq2-5cvx-fvrj: UD-LT1 firmware Ver
UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.
VulnCheck
UD-LT1 and UD-LT1/EX Firmware Admin Account Arbitrary OS Command Execution
vulncheck·2024·CVSS 7.2
CVE-2024-47133 [HIGH] UD-LT1 and UD-LT1/EX Firmware Admin Account Arbitrary OS Command Execution
UD-LT1 and UD-LT1/EX Firmware Admin Account Arbitrary OS Command Execution
UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.
Affected: I-O DATA DEVICE, INC UD-LT1 and UD-LT1/EX
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://jvn.jp/en/jp/JVN46615026/index.html
No detection rules found.
No public exploits indexed.
2024-12-05
Published
Exploited in the wild