How severe is CVE-2024-40893?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-40893?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2024-40893 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes.

Related Vulnerabilities

CVE-2017-10811

MEDIUM

CVSS:6.8(Medium)

Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors.

CWE-782017

CVE-2017-10813

MEDIUM

CVSS:6.8(Medium)

CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

CWE-782017

CVE-2017-2152

MEDIUM

CVSS:6.8(Medium)

WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.

CWE-782017

CVE-2018-0512

MEDIUM

CVSS:6.8(Medium)

Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.

CWE-782018

CVE-2018-0677

MEDIUM

CVSS:6.8(Medium)

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.

CWE-782018

CVE-2018-14998

MEDIUM

CVSS:6.8(Medium)

The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve c...

CWE-782018