exploitDog

CVE-2024-2413

Опубликовано: 13 мар. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality.

Ссылки

https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:intumit:smartrobot_firmware:*:*:*:*:*:*:*:*

Версия до 6.2.0-202303TW (исключая)

cpe:2.3:h:intumit:smartrobot:-:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02903

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-321

Связанные уязвимости

GHSA-gpg3-v7vj-4v8w

CVSS3: 9.8

github

почти 2 года назад

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality.

EPSS

Процентиль: 86%

0.02903

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-321