Hidden Functionality vulnerability in DT900

Number:NV24-002
CVE:CVE-2024-3016

Overview

DT900 contains a Hidden Functionality vulnerability(CWE-912).  Specified versions allow an attacker to access the system setting.

Products Affected

DT900

Affected Version

USA
ITK-6DGS-1(BK) TEL
ITK-32LCGS-1(BK) TEL
ITK-32TCGS-1(BK) TEL
ITK-6D-1(BK)TEL
ITK-12D-1(BK)TEL
ITK-8LCX-1(BK)TEL
ITK-8TCGX-1(BK)TEL
v5.0.0.0 – v5.3.4.4
v5.4.0.0 – v5.6.0.20

Australia
ITK-6DGS-1A(BK) TEL
ITK-32LCGS-1A(BK) TEL
ITK-32TCGS-1A(BK) TEL
v5.0.0.0 – v5.3.4.4
v5.4.0.0 – v5.6.0.20

Europe/Asia
ITK-6DGS-1P(BK) TEL
ITK-32LCGS-1P(BK) TEL
ITK-32TCGS-1P(BK) TEL
ITK-6D-1P(BK)TEL
ITK-12D-1P(BK)TEL
ITK-6DG-1P(BK)TEL
ITK-12DG-1P(BK)TEL
ITK-8LCX-1P(BK)TEL
ITK-8LCG-1P(BK)TEL
ITK-32LCG-1P(BK)TEL
ITK-8TCGX-1P(BK)TEL
ITK-32TCG-1P(BK)TEL
v5.0.0.0 – v5.3.4.4
v5.4.0.0 – v5.6.0.20

Solution

Please update.
v5.3.4.5
v5.6.0.21

References

Credit

reported by Mr. Gianluca Altomani and Mr. Manuel Romei. for NEC-PSIRT

Update

2024/05/09
First edition