CVE-2024-2495

EPSS 0.04%
Veröffentlicht 15.03.2024 13:15:09
Zuletzt bearbeitet 24.03.2025 15:20:18
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Friendlyelec ≫ Friendlywrt Version2022-11-16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.108

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	1.8	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
cve-coordination@incibe.es	5.2	2	2.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-key-plain-text-vulnerability-friendlyelecs-friendlywrt

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-2495

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2495

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2495

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-2495