CVE-2024-3904 Information

Description

Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions \ to \ allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result the attacker may disclose tamper with destroy or delete information in the product or cause a denial-of-service (DoS) condition on the product.

Reference

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf