CVE-2024-8258

HIGH

Logitech Options Plus <1.60.496306 - Code Injection

Title source: llm

Description

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

References (4)

Core 4

Core References

Exploit, Third Party Advisory

https://github.com/r3ggi/electroniz3r

View Exploit ZIP pw:eip

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2023-49314

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2023-50643

Product

https://www.electronjs.org/docs/latest/tutorial/fuses

Scores

CVSS v3 7.8

EPSS 0.0039

EPSS Percentile 31.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-94

Status published

Products (1)

logitech/logi_options\+ 1.60.496306 - 1.70.551909

Published Sep 10, 2024

Tracked Since Feb 18, 2026