CVE-2024-53944

Published Feb 27, 2025

Last updated 9 days ago

CVSS critical 9.8
Firmware

Overview

Description
An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. A unauthenticated remote attacker with network access can exploit a command injection vulnerability. The /goform/formJsonAjaxReq endpoint fails to sanitize shell metacharacters sent via JSON parameters, thus allowing attackers to execute arbitrary OS commands with root privileges.
Source
cve@mitre.org
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-94

Social media

Hype score
Not currently trending

  1. 16 new OPEN, 16 new PRO (16 + 0) GhostFrame, Lumma Stealer, several CVEs (CVE-2024-45242, CVE-2024-53939, CVE-2024-53940, CVE-2024-53944, CVE-2024-53942, CVE-2025-43989 and CVE-2025-6218) and more. Thanks @malware_traffic https://t.co/XeGOQ3ewuz

    @ET_Labs

    6 Jan 2026

    174 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ๐Ÿšจ CVE-2024-53944 โ“ ๐Ÿข Unknown Vendor - Unknown Product ๐Ÿ—๏ธ Unknown Version ๐Ÿ”— https://t.co/aYcXCotlTg ๐Ÿ”— https://t.co/wlNQJl8s3w ๐Ÿ”— https://t.co/h6F5CRV8ed ๐Ÿ”— https://t.co/VmUjsccj8V ๐Ÿ”— https://t.co/L54gaaGL2h #CyberCron #VulnAlert https://t.co/U2LaSnTIn8

    @cybercronai

    1 Mar 2025

    887 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  3. CVE-2024-53944 02/27/2025 08:16:01 PM An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. A unauthenticated remot... https://t.co/Qi7ET5wYd7

    @CVETracker

    28 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware package block-by-block to validate its integrity. However, the last decrypted firmware block remains uncleared in memory after the validation process completes. An attacker with access to the SPI interface can subsequently issue memory read commands to retrieve the decrypted firmware contents from this residual memory, effectively bypassing the firmware encryption protection mechanism. The attack requires physical access to the device's SPI interface.โ€ขCVE-2025-14858
  2. Fortinet FortiClient EMS Improper Access Control Vulnerabilityโ€ขCVE-2026-35616
  3. A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.โ€ขCVE-2026-4903
  4. A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.โ€ขCVE-2026-2417
  5. A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.โ€ขCVE-2025-15605

References

Sources include official advisories and independent security research.