CVE-2024-22078

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.elspec-ltd.com/support/security-advisories/	Vendor Advisory
https://www.elspec-ltd.com/support/security-advisories/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:elspec-ltd:g5dfr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elspec-ltd:g5dfr:-:*:*:*:*:*:*:*

History

16 Apr 2025, 18:20

Type	Values Removed	Values Added
First Time		Elspec-ltd g5dfr Firmware Elspec-ltd Elspec-ltd g5dfr
CPE		cpe:2.3:o:elspec-ltd:g5dfr_firmware:::::::: cpe:2.3:h:elspec-ltd:g5dfr:-:::::::*
References	~~() https://www.elspec-ltd.com/support/security-advisories/ -~~	() https://www.elspec-ltd.com/support/security-advisories/ - Vendor Advisory

Information

Published : 2024-03-20 05:15

Updated : 2025-04-16 18:20

NVD link : CVE-2024-22078

Mitre link : CVE-2024-22078

CVE.ORG link : CVE-2024-22078

JSON object : View

Products Affected

elspec-ltd

g5dfr
g5dfr_firmware

CWE

CWE-280

Improper Handling of Insufficient Permissions or Privileges

{"id": "CVE-2024-22078", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-03-20T05:15:45.580", "references": [{"url": "https://www.elspec-ltd.com/support/security-advisories/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.elspec-ltd.com/support/security-advisories/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-280"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en las versiones 1.1.4.15 y anteriores del registrador de fallas digital Elspec G5. La escalada de privilegios puede ocurrir a trav\u00e9s de archivos grabables en todo el mundo. El script de configuraci\u00f3n de red tiene permisos d\u00e9biles para el sistema de archivos. Esto da como resultado acceso de escritura para todos los usuarios autenticados y la posibilidad de escalar desde privilegios de usuario a privilegios administrativos."}], "lastModified": "2025-04-16T18:20:45.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:elspec-ltd:g5dfr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86EC57EE-1424-4511-86DB-56B635A22CA3", "versionEndExcluding": "1.2.1.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:elspec-ltd:g5dfr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "516B3BE1-D254-4633-95C3-F7355BBC589B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}