CVE-2024-48974

CRITICAL Year: 2024
CVSS v3 Score
9.3
Critical
Weakness Type
CWE-494
View all →

Vulnerability Description

The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure.

Related Vulnerabilities

CVE-2025-27593

CRITICAL
CVSS:9.3(Critical)

The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems.

CWE-4942025

CVE-2020-9751

CRITICAL
CVSS:9.1(Critical)

Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.

CWE-4942020

CVE-2024-28878

CRITICAL
CVSS:9.6(Critical)

IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code.

CWE-4942024

CVE-2001-1125

CRITICAL
CVSS:9.8(Critical)

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com ...

CWE-4942001

CVE-2002-0671

CRITICAL
CVSS:9.8(Critical)

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attacker...

CWE-4942002

CVE-2016-6567

CRITICAL
CVSS:9.8(Critical)

SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applicat...

CWE-4942016