CVE-2024-4425

May 14, 2024, 4:11 p.m.

Tags

cvd@cert.pl
CWE-256
2024-05-14
CVE-2024-4425

Product(s) Impacted

CemiPark software

  • 4.5
  • 4.7
  • 5.03

Description

The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.

Weaknesses

Date

Published: May 14, 2024, 3:43 p.m.

Last Modified: May 14, 2024, 4:11 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cvd@cert.pl

References

http://cemi.pl/
cvd@cert.pl
https://cert.pl/en/posts/2024/05/CVE-2024-4423/
cvd@cert.pl
https://cert.pl/posts/2024/05/CVE-2024-4423/
cvd@cert.pl