CVE-2024-48895

HIGH

Rakuten Turbo 5G <V1.3.18 - Command Injection

Title source: llm

Description

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command.

References (2)

Core 2

Core References

Third Party Advisory

https://jvn.jp/en/vu/JVNVU90667116/

Various Sources

https://network.mobile.rakuten.co.jp/internet/turbo/information/news/3184/

Scores

CVSS v3 8.8

EPSS 0.0100

EPSS Percentile 58.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

Rakuten Mobile, Inc./Rakuten Turbo 5G V1.3.18 and earlier

Published Nov 20, 2024

Tracked Since Feb 18, 2026