CVE-2024-39251Critical
Share link
Anyone with the link can open this vulnerability.
An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitiv…
CVSS
10.0
Critical
EPSS
0.01
p49
Published
2024-01-01
Updated
2024-01-01
Description
An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges via sending crafted IOCTL requests.
Tags · CWE
Pre-auth
CWE-782
CWE-782VariantDraft
Exposed IOCTL with Insufficient Access Control
The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
https://cwe.mitre.org/data/definitions/782.html →Open in CWE collection →CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Timeline
2024-01-01
Published
2024-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: C
Changed (C)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.007 · p49
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
No vulnerabilities match your filters.