CVE-2024-43387
high-risk
Published 2024-09-10
A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.
Do I need to act?
-
0.72% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Tc Mguard Rs4000 4G Vzw Vpn Firmware
Tc Mguard Rs4000 4G Vpn Firmware
Tc Mguard Rs4000 4G Att Vpn Firmware
Tc Mguard Rs4000 3G Vpn Firmware
Tc Mguard Rs2000 4G Vzw Vpn Firmware
Tc Mguard Rs2000 4G Vpn Firmware
Tc Mguard Rs2000 4G Att Vpn Firmware
Tc Mguard Rs2000 3G Vpn Firmware
Fl Mguard Smart2 Vpn Firmware
Fl Mguard Smart2 Firmware
Fl Mguard Rs4004 Tx\/Dtx Vpn Firmware
Fl Mguard Rs4004 Tx\/Dtx Firmware
Fl Mguard Rs4000 Tx\/Tx Vpn Firmware
Fl Mguard Rs4000 Tx\/Tx-P Firmware
Fl Mguard Rs4000 Tx\/Tx-M Firmware
Fl Mguard Rs4000 Tx\/Tx Firmware
Fl Mguard Rs2005 Tx Vpn Firmware
Fl Mguard Rs2000 Tx\/Tx Vpn Firmware
Fl Mguard Rs2000 Tx\/Tx-B Firmware
Fl Mguard Pcie4000 Vpn Firmware
Affected Vendors
References (1)
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-039
55
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
2/34 · Minimal
Exposure
23/34 · High