CVE-2024-28878 CRITICAL

CVE-2024-28878: IOSIX IO-1020 Micro ELD Download of Code Without Integrity Check

Vendor Iosix
Product IO-1020 Micro ELD
Weakness CWE-494 · Download without integrity check
Published April 12, 2024
Last update August 26, 2024

CVSS base score

9.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code.

Key dates

02Disclosure timeline

April 12, 2024 CVE published
August 26, 2024 Record updated