Root Shell via Config Validation Flaw before V2.17.0 (RUGGEDCOM ROX II)
CVE-2024-56837 Published on December 9, 2025

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system.

NVD

Weakness Type

What is a Command Injection Vulnerability?

The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CVE-2024-56837 has been classified to as a Command Injection vulnerability or weakness.


Affected Versions

Siemens RUGGEDCOM ROX MX5000: Siemens RUGGEDCOM ROX MX5000RE: Siemens RUGGEDCOM ROX RX1400: Siemens RUGGEDCOM ROX RX1500: Siemens RUGGEDCOM ROX RX1501: Siemens RUGGEDCOM ROX RX1510: Siemens RUGGEDCOM ROX RX1511: Siemens RUGGEDCOM ROX RX1512: Siemens RUGGEDCOM ROX RX1524: Siemens RUGGEDCOM ROX RX1536: Siemens RUGGEDCOM ROX RX5000:

Exploit Probability

EPSS
0.02%
Percentile
6.21%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.