cbcvebase.
CVE-2024-52564
published 2024-12-05

CVE-2024-52564: Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote…

PriorityP278high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.58%
43.3th percentile
Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.

Affected

2 ranges
VendorProductVersion rangeFixed in
i-o_data_device_incud-lt1
i-o_data_device_incud-lt1_ex

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2024-52564 allows unauthenticated remote attackers to disable the firewall on affected devices without authentication — monitor for unexpected firewall state changes or unauthenticated configuration modification requests on UD-LT1 / UD-LT1/EX devices
  • Exploitation has been confirmed in the wild — look for unauthorized external access attempts to the configuration interface of UD-LT1 / UD-LT1/EX routers exposed to the internet without VPN
  • Attackers are targeting the Remote Management interface accessible over WAN Port, Modem, and VPN settings — alert on configuration interface access originating from untrusted/external IPs
  • ·CVE-2024-52564 is only partially addressed — firmware v2.1.9 fixes this specific CVE, but CVE-2024-45841 and CVE-2024-47133 remain unpatched until v2.2.0; detection posture must account for all three active vulnerabilities on affected devices
  • ·Affected firmware versions are UD-LT1 and UD-LT1/EX Ver.2.1.8 and earlier — scope detection rules accordingly to these device models and firmware versions

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.