CVE-2024-29844

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29844
Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html
https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html
Configurations

No configuration.

History

21 Nov 2024, 09:08

Type Values Removed Values Added
References () https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html - () https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html -

25 Sep 2024, 23:15

Type Values Removed Values Added
Summary (en) Default credentials on the Web Interface of Evolution Controller 2.x (123 and 123) allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password. (en) Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.

15 Apr 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) Las credenciales predeterminadas en la interfaz web de Evolution Controller 2.x (123 y 123) permiten que cualquiera inicie sesión en el servidor directamente para realizar funciones administrativas. Tras la instalación o el primer inicio de sesión, la aplicación no solicita al usuario que cambie la contraseña. No hay ninguna advertencia ni mensaje para pedirle al usuario que cambie la contraseña predeterminada.

15 Apr 2024, 03:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 9.8

15 Apr 2024, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-15 00:15

Updated : 2024-11-21 09:08

NVD link : CVE-2024-29844

Mitre link : CVE-2024-29844

CVE.ORG link : CVE-2024-29844

JSON object : View

Products Affected

No product.

CWE
CWE-1392

Use of Default Credentials


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024