CVE Catalog
CVE-2024-40089
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk1.19%
64th percentile - higher than 64% of all known CVEs
Summary
A command injection vulnerability in Vilo 5 Mesh WiFi System version 5.16.1.33 and earlier allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the device name.
Risk Assessment
The risk involves potential device takeover by an authenticated attacker, leading to network and data integrity compromise.
Recommendation
Immediately update the firmware to the latest version and restrict administrative access to trusted users only.
Original NVD description (English source)
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device.

