CVE-2024-29844

Опубликовано: 15 апр. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.

Ссылки

https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html
Third Party Advisory
https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cs-technologies:evolution:*:*:*:*:*:*:*:*

Версия до 2.04.560 (включая)

EPSS

Процентиль: 26%

0.00089

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-1392

NVD-CWE-Other

Связанные уязвимости

GHSA-r73j-m9r2-mwv8

CVSS3: 7.5

github

почти 2 года назад

Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.