CVE Catalog

CVE-2024-40087

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

Vilo 5 Mesh WiFi System version 5.16.1.33 and earlier suffers from insecure permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access to the router.

Risk Assessment

The organization is at risk of complete router takeover by an unauthorized attacker, potentially leading to network traffic interception, configuration changes, and further attacks on the internal network.

Recommendation

Immediately update the Vilo 5 Mesh router firmware to a version newer than 5.16.1.33 if available, or apply temporary firewall rules to block access to port 5432 from external sources.

Original NVD description (English source)

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS