Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
WAB-I1750-PS
- v1.5.10 and earlier
Source
vultures@jpcert.or.jp
Tags
CVE-2024-39300 details
Published : Aug. 30, 2024, 7:15 a.m.
Last Modified : Aug. 30, 2024, 3:35 p.m.
Last Modified : Aug. 30, 2024, 3:35 p.m.
Description
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.1 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-306 | Missing Authentication for Critical Function | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.1
Exploitability Score
2.2
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://jvn.jp/en/jp/JVN24885537/ | vultures@jpcert.or.jp |
| https://www.elecom.co.jp/news/security/20240827-01/ | vultures@jpcert.or.jp |
This website uses the NVD API, but is not approved or certified by it.