CVE-2024-52783

MEDIUM

XINJE XDPPro.exe 3.2.2-3.7.17c - Arbitrary Code Execution via Configuration File Modification

Title source: llm
STIX 2.1

Description

Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file.

References (1)

Core 1

Scores

CVSS v3 5.1
EPSS 0.0017
EPSS Percentile 6.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-276
Status published
Published Jan 15, 2025
Tracked Since Feb 18, 2026