CVE-2024-53561

CVE-2024-53561 is a remote code execution (RCE) vulnerability affecting the Arcadyan Meteor 2 CPE FG360 Firmware version ETV2.10. It allows attackers to execute arbitrary code through a crafted request, stemming from improper control of code generation as indicated by CWE-94. The vulnerability carries a CVSS v3.1 base score of 8.7, reflecting its high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality and integrity.

Exploitation requires high privileges (PR:H), enabling remote attackers with such access to send a crafted request over the network without user interaction. Successful exploitation grants the ability to execute arbitrary code, achieving high confidentiality and integrity impacts across a changed scope (S:C), though availability remains unaffected (A:N).

For mitigation details, security practitioners should consult the referenced advisories, including the GitHub repository at https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-53561, which may contain proof-of-concept information, and Arcadyan's 5G solutions page at https://www.arcadyan.com/en-us/solutions/idea/fiveG/ for vendor guidance on patches or updates. The vulnerability was published on January 14, 2025.