CVE Catalog

CVE-2024-40089

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.19%

64th percentile - higher than 64% of all known CVEs

Summary

A command injection vulnerability in Vilo 5 Mesh WiFi System version 5.16.1.33 and earlier allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the device name.

Risk Assessment

The risk involves potential device takeover by an authenticated attacker, leading to network and data integrity compromise.

Recommendation

Immediately update the firmware to the latest version and restrict administrative access to trusted users only.

Original NVD description (English source)

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS