Description: 
--------------
A vulnerability in Silex technology's DS-600 Firmware version 1.4.1 allows remote attackers to edit the device settings through the UDP service using the "SAVE EEP_DATA" command on port 19540. 
This issue stems from incorrect access control mechanisms, enabling unauthorized access and potential information compromise. 
Identified as CVE-2024-24486, this flaw poses a significant security risk and has been acknowledged by the vendor. 
Users are urged to review this vulnerability for potential impact on their systems.


Timeline:
---------
16/01/2024 Vulnerability Discovered
18/01/2024 An email was sent to the vendor support email
19/01/2024 Received a reply from the vendor asking for the vulnerability details, details were shared
22/01/2024 Assigned CVE was shared with the vendor and asked for the remediation timeline - no response from the vendor
01/02/2024 A follow-up email was sent
28/3/2024 No response from the vendor - Vuln released