Description

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. This leads to an unauthenticated code execution via the firmware upgrade function.

Related CPE's

Could not find any relations

References

https://r.sec-consult.com/rittaliot

https://www.rittal.com/de-de/products/deep/3124300

http://seclists.org/fulldisclosure/2024/Oct/4

Weaknesses

551230f0-3615-47bd-b7cc-93e92e730bbf

Secondary
CWE-1299

CVSS impact metrics

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 · Medium

Information

Source identifier

551230f0-3615-47bd-b7cc-93e92e730bbf

Vulnerability status

Awaiting analysis

Published

2024-10-15T07:15:03.580Z

1 year ago

Last modified

2025-11-03T22:16:23.457Z

4 months ago