CVE-2024-40087
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
Vilo 5 Mesh WiFi System version 5.16.1.33 and earlier suffers from insecure permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access to the router.
Risk Assessment
The organization is at risk of complete router takeover by an unauthorized attacker, potentially leading to network traffic interception, configuration changes, and further attacks on the internal network.
Recommendation
Immediately update the Vilo 5 Mesh router firmware to a version newer than 5.16.1.33 if available, or apply temporary firewall rules to block access to port 5432 from external sources.
Original NVD description (English source)
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router.

