CVE-2024-0556

EPSS 0.18%
Veröffentlicht 16.01.2024 11:15:08
Zuletzt bearbeitet 21.11.2024 08:46:51
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xantech ≫ Wic1200 Firmware Version1.1

Xantech ≫ Wic1200 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.4

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cve-coordination@incibe.es	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE-261 Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0556

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0556

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0556

EUVD