- Description
- Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- cve@mitre.org
- CWE-23
🚨 0-click RCE in SuperNote Nomad CVE-2025-32409 lets attackers on the same Wi-Fi silently install rootkits & gain full control. Flaw in file-sharing server signed debug firmware = instant pwn. No user interaction needed. No patch yet. 📵 Disable Wi-Fi. https://t.co/rQ2Oc
@CareWeDoNot
12 Apr 2025
Security researchers Prizm Labs have discovered a serious vulnerability (CVE-2025-32409) in the SuperNote A6 X2 Nomad, a 7.8-inch E-Ink tablet made by Ratta Software.
@yousukezan
12 Apr 2025
🚨 CVE-2025-32409 🔴 HIGH (8.1) 🏢 Ratta - SuperNote A6 X2 Nomad 🏗️ 0 🔗 https://t.co/OLFXR7jMdu #CyberCron #VulnAlert #InfoSec https://t.co/8UmbLcUXgu
@cybercronai
8 Apr 2025
CVE-2025-32409 Remote Code Execution in Ratta SuperNote A6 X2 Nomad via Firmware Update Vulnerability https://t.co/7XuiZp223D
@VulmonFeeds
8 Apr 2025
CVE-2025-32409 Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 600… https://t.co/1rK2Hu7mdN
@CVEnew
7 Apr 2025