CVE-2024-40893

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Aug 12, 2024
Updated: Aug 21, 2024
CWE ID 78

Summary

CVE-2024-40893 is an OS command injection (CWE-78) vulnerability in Firewalla Box Software versions prior to 1.979. An attacker who is within Bluetooth range and authenticated to the box's Bluetooth Low Energy (BLE) configuration interface can inject OS commands through configuration parameters that are passed to shell commands, including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. The impact goes beyond a single command execution: because the tampered configuration can be synced to the Firewalla cloud, the injected payload can be restored onto the device and survive a hardware reset or a firmware re-flash. Versions 1.979 and later are not affected.

