cve/2024/CVE-2024-31442.md

### [CVE-2024-31442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31442)
![](https://img.shields.io/static/v1?label=Product&message=Redon-Hub&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.0.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%3A%20Incorrect%20Default%20Permissions&color=brighgreen)

### Description

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds