CVE-2024-52564

ENISA EUVD: EUVD-2024-46262 ↗
✓ Confirmed 0-Day
Triaged: March 17, 2026 2 articles Published: 2024-12-05
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.14%
probability
This CVE has a 0.14% probability of being exploited in the next 30 days.
0% Top 33.4th percentile of all CVEs 100%

CVSS v3.0

Source: VulnerabilityLookup (CIRCL)
7.5
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

VulnerabilityLookup (CNA)
Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.

Affected Products

I-O DATA DEVICE, INC.
UD-LT1
firmware Ver.2.1.8 and earlier
I-O DATA DEVICE, INC.
UD-LT1/EX
firmware Ver.2.1.8 and earlier

Signal Intelligence

Confidence
72%
EPSS 0.14%
CVSS v3.0 7.5
Mentions 2
Last Seen Dec 04, 2024

CNA Information

CNA Assigner
jpcert

Analyst Note

CVE-2024-52564 is a confirmed zero-day. I-O Data and JPCERT/CC disclosed active exploitation in the wild at the time of public disclosure on December 5, 2024 — before a full patch set was available. The vendor confirmed receiving reports from customers whose devices had been compromised without authorization. What makes this CVE analytically distinctive is its root cause: an undocumented feature (CWE-1242), commonly referred to as a firmware backdoor, that bypasses authentication entirely to allow remote firewall deactivation and OS command execution.

Threat Actors 1

MirrorFace
apt_group 🇨🇳 CN

Triage Info

Decided atMar 17, 2026
Published DateDec 05, 2024