CVE-2024-6788

Summary

CVE-2024-6788 is a newly disclosed vulnerability that allows an unauthenticated attacker to remotely reset the password for the "user-app" account with default privileges through the firmware update feature on the device's LAN interface. This susceptibility poses a significant risk as it enables unauthorized access to the system without requiring any authentication. Successful exploitation could result in privilege escalation and potential data breaches or unauthorized system modifications. It is recommended that affected organizations apply the necessary patches or configurations to mitigate this vulnerability promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.