In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary 
code execution with root permissions.

In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient 
Verification of Data Authenticity vulnerability could allow an attacker 
to escalate their privileges and gain root access to the system.

In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles.

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.

CVE ID	CVSS	Exploit	Patch
CVE-2024-47255In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions.	CVSS 7.8	-	-
CVE-2024-47254In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system.	CVSS 7.2	-	-
CVE-2024-47253In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability cannot be exploited by users with lower privilege roles.	CVSS 7.2	-	-
CVE-2021-31399On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.	CVSS 5.9	-	Patched

2n Vulnerabilities