CVE-2024-45790

Sept. 11, 2024, 4:26 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Reedos aiM-Star

  • 2.0.1

Source

vdisclose@cert-in.org.in

CVE-2024-45790 details

Published : Sept. 11, 2024, 1:15 p.m.
Last Modified : Sept. 11, 2024, 4:26 p.m.

Description

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions on excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to unauthorized access and the compromise of other user accounts.


Weakness

Weakness: CWE-307
Name: Improper Restriction of Excessive Authentication Attempts
Description: The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.