CVSS: 2.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-29210
https://notcve.org/view.php?id=CVE-2024-29210
This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an arbitrary server, which can then be exploited in conjunction with CVE-2024-29209 to execute arbitrary code with elevated privileges. The issue stems from improper permission settings on the application's configuration file, which is stored in a common directory accessible to all users. ... If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges. Impact: This vulnerability can lead to a regular user executing code with administrative privileges. • https://support.knowbe4.com/hc/en-us/articles/28959854203923-CVE-2024-29210 • CWE-269: Improper Privilege Management •
CVSS: 8.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-29206 – Ubiquiti Networks EV Station setDebugPortEnabled Exposed Dangerous Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29206
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ubiquiti Networks EV Station. ... An attacker can leverage this vulnerability to execute code in the context of the adb shell. • https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-29208 – Ubiquiti Networks EV Station changeUserPassword Missing Authentication Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-29208
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Ubiquiti Networks EV Station. ... An attacker can leverage this vulnerability to execute code in the context of the device. • https://community.ui.com/releases/Security-Advisory-bulletin-039-039/44e24007-2c2c-4ac0-bebf-3f19b9b24f09 • CWE-521: Weak Password Requirements •
CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-20863
https://notcve.org/view.php?id=CVE-2024-20863
Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=05 •
CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-20862
https://notcve.org/view.php?id=CVE-2024-20862
Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=05 •